Windows Analysis Report
https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3Nz

Overview

General Information

Sample URL: https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYz
Analysis ID: 1584845

Detection

HTMLPhisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected BlockedWebSite
Detected suspicious crossdomain redirect
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1976,i,17775890486648256168,7618865636179673741,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 4784 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_120 | JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |

Source | Rule | Description | Author | Strings
0.0.pages.csv | JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
      No Sigma rule has matched
      No Suricata rule has matched

      Phishing

      Source: Yara match | File source: 0.0.pages.csv, type: HTML
      Source: Yara match | File source: dropped/chromecache_120, type: DROPPED
      Source: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhacdct-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fdmarra_hacdct_org%2FEl0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ%3Femail%3Ddhodder%2540haigroup.com%26e%3Dd37USF&data=05%7C02%7Cjmckinley%40haigroup.com%7C2c616c7d8e6e4ac902e208dd2e63b1f2%7C82815b8c3775459997c72b87528e6f83%7C0%7C0%7C638717733773919628%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTM5NjUiLCJGTGJsIjoiVVNfMzQyX0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6ImNlZTU3NGExLTUwNDMtNzAwMC02ZmUzLTQ3ZTAzZDAwZmNhZCIsIk1JZCI6Ijc3OTgzMjQiLCJNTmFtZSI6IlVTUjE5Mzk2NS05MDEiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTcuMC4wLjAgU2FmYXJpLzUzNy4zNiIsIkNJRC1PcmlnaW4iOiJTUE8ifX0%3D%7C1%7CMmM2MTZjN2QtOGU2ZS00YWM5LTAyZTItMDhkZDJlNjNiMWYy%7C0d63eec6f40a40a61eb008dd2e65114f%7Cd0e574a1301370006fe347f95...HTTP Parser: Base64 decoded: nstanceID> <xmpMM:DerivedFrom rdf:parseType="Resource"> <stRef:instanceID>xmp.iid:dc367036-9ff1-4136-a5bd-ad1cd2b8e5f9</stRef:instanceID> <stRef:documentID>adobe:docid:photoshop:f258af37-86a5-117a-b4d5-dc1df99d265f</stRef:document...
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: hacdct-my.sharepoint.com to https://nam12.safelinks.protection.outlook.com/?url=https%3a%2f%2fhacdct-my.sharepoint.com%2f%3af%3a%2fg%2fpersonal%2fdmarra_hacdct_org%2fel0cfhnmvmnnuzpj6qgnrsqbywvlnw96w_xrx10udrlfmq%3femail%3ddhodder%2540haigroup.com%26e%3dd37usf&data=05%7c02%7cjmckinley%40haigroup.com%7c2c616c7d8e6e4ac902e208dd2e63b1f2%7c82815b8c3775459997c72b87528e6f83%7c0%7c0%7c638717733773919628%7cbad%7ctwfpbgzsb3d8eyjfbxb0eu1hcgkionrydwusilyioiiwljaumdawmcisilaioijxaw4zmiisikfoijoitwfpbcisilduijoylcjbuci6eyjgswqioiixotm5njuilcjgtgjsijoivvnfmzqyx0nvbnrlbnqilcjhzw8ioijoqu0ilcjszxfjzci6imnlztu3ngexltuwndmtnzawmc02zmuzltq3ztazzdawzmnhzcisik1jzci6ijc3otgzmjqilcjntmftzsi6ilvtuje5mzk2ns05mdeilcjdbgllbnrjuci6ijgundyumtizlje4osisiknsawvudc1bz2vudci6ik1vemlsbgevns4wichxaw5kb3dzie5uidewlja7ifdpbjy0oyb4njqpiefwcgxlv2vis2l0lzuzny4zniaos0hutuwsigxpa2ugr2vja28pienocm9tzs8xmtcumc4wljagu2fmyxjplzuzny4zniisiknjrc1pcmlnaw4ioijtue8ifx0%3d%7c1%7cmmm2mtzjn2qtogu2zs00ywm5ltayztitmdhkzdjlnjnimwyy%7c0d63eec6f40a40a61eb008dd2e65114f%7cd0e574a1301370006fe347f95fd4de68&sdata=1uyeb4w3m4xttj0nea6%2fawyvf0oy0zlxjxddkbsrur4%3d&reserved=0
      Source: global traffic | DNS traffic detected: DNS query: hacdct-my.sharepoint.com
      Source: global traffic | DNS traffic detected: DNS query: nam12.safelinks.protection.outlook.com
      Source: global traffic | DNS traffic detected: DNS query: www.google.com
      Source: chromecache_120.1.dr | String found in binary or memory: https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_
      Source: chromecache_120.1.dr | String found in binary or memory: https://nam12.safelinks.protection.outlook.com
      Source: classification engine | Classification label: mal48.phis.win@21/24@8/6
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1976,i,17775890486648256168,7618865636179673741,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d"
      Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Window Recorder | Window detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
      Source | Detection | Scanner | Label | Link
      https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d | 0% | Avira URL Cloud | safe |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_ | 0% | Avira URL Cloud | safe |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      dual-spo-0005.spo-msedge.net | 13.107.136.10 | true | false | | high
      nam12.safelinks.eop-tm2.outlook.com | 104.47.55.156 | true | false | | high
      www.google.com | 142.250.185.228 | true | false | | high
      nam12.safelinks.protection.outlook.com | unknown | unknown | false | | high
      hacdct-my.sharepoint.com | unknown | unknown | false | | unknown
      Name | Malicious | Antivirus Detection | Reputation
      https://nam12.safelinks.protection.outlook.com/Content/images/cross.png | false | | high
      https://www.google.com/async/ddljson?async=ntp:2 | false | | high
      https://www.google.com/async/newtab_promos | false | | high
      https://nam12.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css | false | | high
      https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
      https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
      https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d | false | | unknown
      https://nam12.safelinks.protection.outlook.com/Content/Scripts/site.js | false | | high
      Name | Source | Malicious | Antivirus Detection | Reputation
      https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_ | chromecache_120.1.dr | false | Avira URL Cloud: safe | unknown
      https://nam12.safelinks.protection.outlook.com | chromecache_120.1.dr | false | | high
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      142.250.185.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
      13.107.136.10 | dual-spo-0005.spo-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      239.255.255.250 | unknown | Reserved | | unknown | unknown | false
      104.47.55.156 | nam12.safelinks.eop-tm2.outlook.com | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      104.47.66.28 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                                  IP
                                  192.168.2.16
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1584845
                                  Start date and time:2025-01-06 16:15:45 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 3m 16s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                  Sample URL:https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:16
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal48.phis.win@21/24@8/6
                                  EGA Information:Failed
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 0
                                  • Number of non-executed functions: 0
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.185.174, 142.250.110.84, 142.250.185.238, 142.250.185.142, 172.217.16.206, 142.250.186.174, 172.217.23.110, 216.58.212.174, 142.250.185.99, 142.250.185.206, 142.250.186.131, 172.217.18.14, 184.28.90.27, 4.175.87.197, 2.23.227.221
                                  • Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, 193965-ipv4v6e.farm.dprodmgd105.sharepointonline.com.akadns.net, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
                                  • Not all processes were analyzed, report is missing behavior information
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d
                                  No simulations
                                  No context
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 14:16:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2673
                                  Entropy (8bit):3.985915450858605
                                  Encrypted:false
                                  SSDEEP:48:80dUTY8oH2idAKZdA1FehwiZUklqehLy+3:8THVMy
                                  MD5:FD4A91FFA91E2757B1C9E2EB8BA25646
                                  SHA1:2421E7DC1DCEE300A00333233A93A3AE62B35EEA
                                  SHA-256:7CDF64ACA03C5F00C880B75B312BAA5A0B0FF6C21494A9734779769AAFF905C0
                                  SHA-512:DA44ADC498D6C7BC1281F01B71BDC1930B81AAC14A2CAA34263C548FE8875C53A6912F4A8AA1924FA331210C6BCD007DA885E1665146C28B93CAFF960E4A1DBF
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 14:16:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2675
                                  Entropy (8bit):4.005279536603836
                                  Encrypted:false
                                  SSDEEP:48:8BdUTY8oH2idAKZdA1seh/iZUkAQkqeh8y+2:8YHL9Q5y
                                  MD5:97AF7387793D6E4CAD089E07E6FF1FFB
                                  SHA1:5006F8A953D48D98A0F302EDBA728F635A2265ED
                                  SHA-256:C824A610F418B1AC264DA9E204CD03194F2FADCD4BE7C7EF85F75305767D1FB9
                                  SHA-512:0A6D3AB579586E23465D84621298A43345BD67531251DF95CE4D199A6F5358A6809F56A8A4BDB75B4A231101C17E7B3D97A0E1A575F5C095319281B827A44E2C
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2689
                                  Entropy (8bit):4.012992172001406
                                  Encrypted:false
                                  SSDEEP:48:8qdUTY8AH2idAKZdA14meh7sFiZUkmgqeh7sKy+BX:8xHXnwy
                                  MD5:7034A6FED29DE684AE2112AAA59F8F33
                                  SHA1:95BFB5DBB2EFC8C11174679DA00C749E19F16C00
                                  SHA-256:ED59750161EC37F5E02A7999CE9473D3995DAE482414C4C24CD530581D3E8871
                                  SHA-512:B00DE499CAF68362E68D62805995FD352F1389980ECC5A834A9E023834AAE73CF072A104EBB297743F74C1C105D81C37D02AC653134EF1248463C49F47C1618D
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 14:16:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2677
                                  Entropy (8bit):4.002065699992449
                                  Encrypted:false
                                  SSDEEP:48:8zdUTY8oH2idAKZdA1TehDiZUkwqehoy+R:8aHYiy
                                  MD5:2E451E6F03956B929D995CCB310008E7
                                  SHA1:CF1E765C8BA2B4D5A54AFC3B9C6943987DECD9E0
                                  SHA-256:BBE911406CE06A3973F05FB3A3DEED9A1809C9546676D24F9A20D51AAF0E464C
                                  SHA-512:D2E97D68CBFE1C2E0DFE1E678309FA84D194C99B9EA6CBA8597EA7C4EB300801B0B37E9306C54C4ABA5BE39169A71D03F88FAED6D72E1839484EBFF814089779
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 14:16:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2677
                                  Entropy (8bit):3.987827314083026
                                  Encrypted:false
                                  SSDEEP:48:8bdUTY8oH2idAKZdA1dehBiZUk1W1qehuy+C:8SHo9Oy
                                  MD5:3CEE28C7BD9B67502BBF9D045049916A
                                  SHA1:D7927D533D1E36D15DB1EAC255DD027882992C67
                                  SHA-256:99CF090CAB6F3968E06320A437775936B1B2601E2D3AB8FA9342E966146DF6BF
                                  SHA-512:51D014040E5BF8A879928CD977D11245E9615BFA6B5820F5336CEAFD798FB31C3A734682681EB74656EBDB26CD6FF460DE74766A45D855537EE8983684849BE7
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 14:16:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2679
                                  Entropy (8bit):4.00303187847032
                                  Encrypted:false
                                  SSDEEP:48:89dUTY8oH2idAKZdA1duTeehOuTbbiZUk5OjqehOuTbwy+yT+:8EHaTfTbxWOvTbwy7T
                                  MD5:86E3825B9937E0C1DE2C2EDE9865069C
                                  SHA1:FDA123249789ED741A04458A1FCA27358F5B48AA
                                  SHA-256:157A29830FF777A11A7C4DE622ED9A3F27573D36F34A848698BCCAEFAFE37204
                                  SHA-512:99133BDBDBC679C03052E0DF5E6542411462C02E6B2030DA8E91EA2AD389B9E048434F854A44DA6CD1FDB9D5EA2B813A6761571F5E850C893CAC2CBEFF06A47D
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1588
                                  Entropy (8bit):5.174121809218917
                                  Encrypted:false
                                  SSDEEP:48:9pZigAOvzbYdvG2AumPBqykF1KdpwGFKcjeA5mkxofP:piFVmPBq/OI9GGP
                                  MD5:3AF1FDB9A3F664A6683D212F4787733A
                                  SHA1:59063D49B723A1988236C8D39C2804C6EBC5FF95
                                  SHA-256:A9CE4840FF0D613B456081DEA64E46EB717A1F8BFA5AFB05D3BD058F294E416C
                                  SHA-512:F8872E0C875BE6037C14480630E461FC1ADFA2049DB03BAE5D8CB6B320A2C084D4B266AEB02E24009B4BA84821E216690CA875B165164447FE8329B48C9E261F
                                  Malicious:false
                                  Reputation:low
                                  Preview:window.onload = function OnLoadHandler(){...if (window.history.length <= 1) {....document.getElementById("close").style.display = "none";...}..}....var theme = null;..try {.. (function (URLSearchParams, str) {.. if (!new URLSearchParams(window.location.search).get(str)){....throw URLSearchParams;...}....var urlParams = new URLSearchParams(window.location.search);....if (urlParams.has(str)){.....theme = String(urlParams.get(str));....}.. }(URLSearchParams, "theme"));..} catch(URLSearchParams){...var params = {}...var parts = window.location.search.substring(1).split('&');...for (var i = 0; i < parts.length; i++) {....var val = parts[i].split('=');....if (!val[0]) continue;....params[val[0]] = val[1] || true;...}...theme = params["theme"];...}....// Load theme specific css..if (theme === "dark"){...AddCSS("Safelinksv2-dark.css");..}..else if (theme === "contrast"){...AddCSS("Safelinksv2-highcontrast.css")..}....// Add CSS based on theme..function AddCSS(fileName){... var ss = docume
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (822)
                                  Category:downloaded
                                  Size (bytes):827
                                  Entropy (8bit):5.160065596193499
                                  Encrypted:false
                                  SSDEEP:24:xI21ZlpI5cTauCBHslgT9lCuABATSquoB7HHHHHHHYqmffffffo:x9lpI5cTwKlgZ01BAuquSEqmffffffo
                                  MD5:B6FD4DCBA31FE2224D686D95CA628AB5
                                  SHA1:64CC6F86C4A0C602CBCD5BEDDF3DEAD88435618C
                                  SHA-256:C737C2742C89264F7A92FD5ED5DB8515A51087D04064E56EA3FD01398247B976
                                  SHA-512:7BB468E792BEC9D05AF3BCEEE095FD5B1438A18CF1BA82D93AD5E9C0DBE7E30FA2C33B69DEE3FD05B6E4331320F1A9AACB06B2443F04B7BE2C820580E4D91F86
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                  Preview:)]}'.["",["tiktok banned","epiphany house blessing catholic","amtrak train cancellations winter storm","college basketball rankings","nvidia geforce rtx 5090","ohio snow emergency levels","starlink united airlines","streaming movies"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":6742409602423894456,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text
                                  Category:downloaded
                                  Size (bytes):29
                                  Entropy (8bit):3.9353986674667634
                                  Encrypted:false
                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                  MD5:6FED308183D5DFC421602548615204AF
                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.google.com/async/newtab_promos
                                  Preview:)]}'.{"update":{"promos":{}}}
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 186 x 200, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):25664
                                  Entropy (8bit):4.972505404550475
                                  Encrypted:false
                                  SSDEEP:384:OXE05KiOBf35OPGJulcJBzzdtKUmpZKfWve:E35Ki7PGJNJBZOpZKeve
                                  MD5:FF4FEDB556605288FEC259EE6B8D5981
                                  SHA1:BBC525AB65E54999044F14FF8F31CF25EEDB7754
                                  SHA-256:2809B6F62DC341D238F02C33C7347A7BA714F10B6F075BDD39A1CD7C68CE9807
                                  SHA-512:9EAE6F8D1822A1EF91B909B0D6A8826BFB323BD34FA76FBF0A2DCA99B5F580BA09173ECD2068F393979EBAE248BF5FF1FC592C5D43D5EEB33E0EC6DDE93E8349
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (65531)
                                  Category:downloaded
                                  Size (bytes):132739
                                  Entropy (8bit):5.436843691170839
                                  Encrypted:false
                                  SSDEEP:3072:fvkJQ7O4N5dTm+syHEt4W3XdQ4Q6CuSr/nUW2i6o:fqQ7HTt/sHdQ4Q6CDfUW8o
                                  MD5:98901095402B7B751F01F1C06D7A74C2
                                  SHA1:DD7D6BFDE41C3404AD958052FE25B85787D9834D
                                  SHA-256:E4C6FA2101612C35F4512AEF15C7E9B307E9A1A2ECE996CB424D08830A8BA186
                                  SHA-512:10DE7668B07EBEB166A0DC6E694A3E471D5D4502839C123F59442FFD72CB03DD9AC46F89375A569C8EF7E726E87C09786243DA1EB2DE050895C6AF995892E18C
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:downloaded
                                  Size (bytes):1588
                                  Entropy (8bit):5.174121809218917
                                  Encrypted:false
                                  SSDEEP:48:9pZigAOvzbYdvG2AumPBqykF1KdpwGFKcjeA5mkxofP:piFVmPBq/OI9GGP
                                  MD5:3AF1FDB9A3F664A6683D212F4787733A
                                  SHA1:59063D49B723A1988236C8D39C2804C6EBC5FF95
                                  SHA-256:A9CE4840FF0D613B456081DEA64E46EB717A1F8BFA5AFB05D3BD058F294E416C
                                  SHA-512:F8872E0C875BE6037C14480630E461FC1ADFA2049DB03BAE5D8CB6B320A2C084D4B266AEB02E24009B4BA84821E216690CA875B165164447FE8329B48C9E261F
                                  Malicious:false
                                  Reputation:low
                                  URL:https://nam12.safelinks.protection.outlook.com/Content/Scripts/site.js
                                  Preview:window.onload = function OnLoadHandler(){...if (window.history.length <= 1) {....document.getElementById("close").style.display = "none";...}..}....var theme = null;..try {.. (function (URLSearchParams, str) {.. if (!new URLSearchParams(window.location.search).get(str)){....throw URLSearchParams;...}....var urlParams = new URLSearchParams(window.location.search);....if (urlParams.has(str)){.....theme = String(urlParams.get(str));....}.. }(URLSearchParams, "theme"));..} catch(URLSearchParams){...var params = {}...var parts = window.location.search.substring(1).split('&');...for (var i = 0; i < parts.length; i++) {....var val = parts[i].split('=');....if (!val[0]) continue;....params[val[0]] = val[1] || true;...}...theme = params["theme"];...}....// Load theme specific css..if (theme === "dark"){...AddCSS("Safelinksv2-dark.css");..}..else if (theme === "contrast"){...AddCSS("Safelinksv2-highcontrast.css")..}....// Add CSS based on theme..function AddCSS(fileName){... var ss = docume
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:HTML document, ASCII text, with very long lines (12057), with CRLF line terminators
                                  Category:downloaded
                                  Size (bytes):17327
                                  Entropy (8bit):6.088560548995963
                                  Encrypted:false
                                  SSDEEP:384:QPlaFHPxlzYfVOnDPh5tqig89E+RiDku+TWZ:rZk2DvpK+RiQuIM
                                  MD5:095432EE068229F3D4732B439720971C
                                  SHA1:5464FFFE757584BC7D1DC11077E1489C5DA88BD5
                                  SHA-256:5FF7928EA05DC8B5E3D0BA251863D6FD7A4168B2B09F7A9DA714609E501494D9
                                  SHA-512:0C3A6A3139E9D89F0D2D0089241B5F6E52B1B1A3BD7B03326D605E729A57B22F35EA5669260CBE2279C54FB28BA1B9AA6A88C21710123D73F0597145837FD157
                                  Malicious:false
                                  Reputation:low
                                  URL:https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhacdct-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fdmarra_hacdct_org%2FEl0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ%3Femail%3Ddhodder%2540haigroup.com%26e%3Dd37USF&data=05%7C02%7Cjmckinley%40haigroup.com%7C2c616c7d8e6e4ac902e208dd2e63b1f2%7C82815b8c3775459997c72b87528e6f83%7C0%7C0%7C638717733773919628%7CBad%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%3D%7C1%7CMmM2MTZjN2QtOGU2ZS00YWM5LTAyZTItMDhkZDJlNjNiMWYy%7C0d63eec6f40a40a61eb008dd2e65114f%7Cd0e574a1301370006fe347f95fd4de68&sdata=1UyEb4w3m4XTtJ0Nea6%2FAwYVF0Oy0zLXJxdDKbSRUR4%3D&reserved=0
                                  Preview:<!doctype html>..<html>..<head>.. <meta charset="UTF-8">.. <title>Microsoft Defender for Office 365</title>.. <meta name="referrer" content="same-origin" />.. <meta name="robots" content="noindex,nofollow" />.. <link rel="icon" href="data:,">.... <base href="https://nam12.safelinks.protection.outlook.com">.... <link href="/Content/Scripts/safelinksv2.css" rel="stylesheet" />.. <script src="/Content/Scripts/site.js" type="text/javascript"></script>..</head>..<body>.. <div id="header_container_branding" style="background-color: #004786;">.. <div id="header_branding">.. <a href="https://haigroup.sharepoint.com/"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAABYCAYAAABPucoWAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAACxEAAAsRAX9kX5EAAAW6aVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/Pg0KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQW
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:downloaded
                                  Size (bytes):3932
                                  Entropy (8bit):5.202197618496175
                                  Encrypted:false
                                  SSDEEP:96:W1nWD5QBnuxm32TPv1YyZvtcpcJcLCmzYzMz4ChX5xQFMXpSgfsHjrAwn:MmmqvWCiLfxpSgfsHjrAwn
                                  MD5:BBAD95C4A0BE4E5775B7D5B409FBF602
                                  SHA1:FAD598750B15C207DFEF6E1FEA3C072BAEAC2B66
                                  SHA-256:41F78D15AE18C36B84C819D9AF3511C342C180F0ABA8F91DC1CCF4046B56B308
                                  SHA-512:4006994F240E4DAB7134F1B716E51E4FFC0DD495EAF3269165FB0C27D89B2F19063AF17086553B39507199D62DBCD8BA6F07F34770BCAF15C40CF5EF06419631
                                  Malicious:false
                                  Reputation:low
                                  URL:https://nam12.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css
                                  Preview:@charset "UTF-8";../* CSS Document */....body{...margin:0px;...padding:0px;..}....div{.. text-align:left;..}....#recommendation_container{...width:100%;..}....#icon img {...margin-left: 40px;...margin-top: 45px;..}....#url {height: 32px;..background-color: #f4f4f4;..margin-left: 40px;..margin-right: 40px;..margin-bottom: 20px;..margin-top: 0px;..font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..display: inline-block;..}....#url p {...margin:4px 12px;..}......#close {height: 32px;..background-color: #0078d7;..margin-left: 40px;..margin-right:40px;..margin-top:20px;..padding: 4px 12px 8px 12px;..font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..width: auto;..display: inline-block;..color: #fff;..border: 0;...font-size:100%;..}....#text {...margin-left:40px;...margin-right: 40px;...margin-top: 0px;...font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..}....#tips {...margin-left:
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 186 x 200, 8-bit/color RGBA, non-interlaced
                                  Category:downloaded
                                  Size (bytes):25664
                                  Entropy (8bit):4.972505404550475
                                  Encrypted:false
                                  SSDEEP:384:OXE05KiOBf35OPGJulcJBzzdtKUmpZKfWve:E35Ki7PGJNJBZOpZKeve
                                  MD5:FF4FEDB556605288FEC259EE6B8D5981
                                  SHA1:BBC525AB65E54999044F14FF8F31CF25EEDB7754
                                  SHA-256:2809B6F62DC341D238F02C33C7347A7BA714F10B6F075BDD39A1CD7C68CE9807
                                  SHA-512:9EAE6F8D1822A1EF91B909B0D6A8826BFB323BD34FA76FBF0A2DCA99B5F580BA09173ECD2068F393979EBAE248BF5FF1FC592C5D43D5EEB33E0EC6DDE93E8349
                                  Malicious:false
                                  Reputation:low
                                  URL:https://nam12.safelinks.protection.outlook.com/Content/images/cross.png
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text
                                  Category:downloaded
                                  Size (bytes):19
                                  Entropy (8bit):3.6818808028034042
                                  Encrypted:false
                                  SSDEEP:3:VQRWN:VQRWN
                                  MD5:9FAE2B6737B98261777262B14B586F28
                                  SHA1:79C894898B2CED39335EB0003C18B27AA8C6DDCD
                                  SHA-256:F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
                                  SHA-512:29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
                                  Malicious:false
                                  Reputation:low
                                  URL:https://www.google.com/async/ddljson?async=ntp:2
                                  Preview:)]}'.{"ddljson":{}}
                                  No static file info
                                  Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                  Jan 6, 2025 16:16:35.987412930 CET4968080192.168.2.16192.229.211.108
                                  Jan 6, 2025 16:16:41.117523909 CET49678443192.168.2.1620.189.173.10
                                  Jan 6, 2025 16:16:41.204093933 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:16:41.204205990 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:16:41.208997011 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.209067106 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.209079027 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.209132910 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.209144115 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561486959 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561506033 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561517000 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561528921 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561553955 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:16:41.561613083 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:16:41.561639071 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561685085 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561700106 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561722994 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561729908 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:16:41.561738968 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.561767101 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:16:41.562544107 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.562561035 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:16:41.562580109 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:16:41.606421947 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:16:45.595614910 CET4968080192.168.2.16192.229.211.108
                                  Jan 6, 2025 16:17:01.813551903 CET49706443192.168.2.1613.107.136.10
                                  Jan 6, 2025 16:17:01.813561916 CET4434970613.107.136.10192.168.2.16
                                  Jan 6, 2025 16:17:02.437761068 CET4969580192.168.2.162.22.50.131
                                  Jan 6, 2025 16:17:02.442754030 CET80496952.22.50.131192.168.2.16
                                  Jan 6, 2025 16:17:02.442820072 CET4969580192.168.2.162.22.50.131
                                  Jan 6, 2025 16:17:17.487595081 CET49706443192.168.2.1613.107.136.10
                                  Jan 6, 2025 16:17:17.487694025 CET4434970613.107.136.10192.168.2.16
                                  Jan 6, 2025 16:17:17.487756014 CET49706443192.168.2.1613.107.136.10
                                  Jan 6, 2025 16:17:20.091989040 CET49722443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:20.092017889 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:20.092118025 CET49722443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:20.092375040 CET49722443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:20.092386961 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:20.741847992 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:20.742223978 CET49722443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:20.742238998 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:20.742518902 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:20.742826939 CET49722443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:20.742878914 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:20.796156883 CET49722443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:30.662942886 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:30.663017035 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:30.663198948 CET49722443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:31.478524923 CET49722443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:31.478549004 CET44349722142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.214411020 CET49723443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.214451075 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.214535952 CET49723443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.216568947 CET49723443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.216582060 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.666047096 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.666099072 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.666266918 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.666527033 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.666539907 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.741198063 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.741230965 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.741316080 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.741470098 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.741509914 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.741559029 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.748661995 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.748675108 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.748929024 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.748944998 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.844239950 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.845329046 CET49723443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.845345020 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.845633984 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.846694946 CET49723443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.846751928 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:41.847352982 CET49723443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:41.895334959 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.142858028 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.145502090 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.145577908 CET49723443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.146691084 CET49723443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.146708965 CET44349723142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.295589924 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.295922041 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.295944929 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.296664953 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.296979904 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.297133923 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.297709942 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.346647024 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.377562046 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.377896070 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.377909899 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.378899097 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.378947973 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.379456997 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.379512072 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.379986048 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.379995108 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.399782896 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.400022030 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.400041103 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.401057005 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.401120901 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.401400089 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.401463032 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.401547909 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.401556969 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.425692081 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.441679001 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.607029915 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.607141018 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.607225895 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.608403921 CET49724443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.608423948 CET44349724142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.687768936 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.687820911 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.687855005 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.687890053 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.687891960 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.687910080 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.687932968 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.693523884 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.693593025 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.693603039 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.693650961 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.693697929 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.693703890 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.699843884 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.699917078 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.699923992 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.700634956 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.700830936 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.700889111 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.701602936 CET49725443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.701617002 CET44349725142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.703412056 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.703486919 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.703493118 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.758682966 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.774029970 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.777098894 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.777133942 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.777178049 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.777189970 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.777230978 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.783281088 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.789663076 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.789696932 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.789711952 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.789717913 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.789762020 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.796082973 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.802236080 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.802290916 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.802298069 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.808526039 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.808605909 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.808610916 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.814238071 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.814291954 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.814297915 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.820183039 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.820230961 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.820231915 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.820240974 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.820281982 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.825846910 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.831480980 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.831532001 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.831537962 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.831655025 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.831702948 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.831708908 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.837344885 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.837395906 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.837403059 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.860295057 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.860368013 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.860374928 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.860500097 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.860569000 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.860574007 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.863337994 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.863408089 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.863414049 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.869098902 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.869164944 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.869172096 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.874859095 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.874914885 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.874921083 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.880588055 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.880650997 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.880656958 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.886337042 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.886389017 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.886394978 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.892184973 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.892256021 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.892261982 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.897464037 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.897516012 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.897524118 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.902786016 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.902848959 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.902854919 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.908080101 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.908133030 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.908139944 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.913434029 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.913486004 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.913492918 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.918529987 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.918586969 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.918593884 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.923331976 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.923386097 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.923392057 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.927683115 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.927736998 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.927745104 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.931886911 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.931936026 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.931941986 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.936206102 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.936270952 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.936276913 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.940293074 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.940346003 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.940352917 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.944098949 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.944154978 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.944159985 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.948190928 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.948254108 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.948261023 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.951981068 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.952042103 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.952049017 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.955878973 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.955941916 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.955948114 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.958298922 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.958350897 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.958357096 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.960530996 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.960585117 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.960592985 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.962896109 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.962950945 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.962958097 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.965317965 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.965375900 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.965384007 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.967609882 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.967679024 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.967686892 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.969934940 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.969999075 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.970005989 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.972223043 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.972282887 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.972290039 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.974520922 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.974579096 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.974585056 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.976983070 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.977046967 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.977056980 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.977132082 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.977180958 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.977277994 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.977297068 CET44349726142.250.185.228192.168.2.16
                                  Jan 6, 2025 16:17:42.977305889 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:42.977361917 CET49726443192.168.2.16142.250.185.228
                                  Jan 6, 2025 16:17:53.671978951 CET49696443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:17:53.677083015 CET4434969620.190.159.71192.168.2.16
                                  Jan 6, 2025 16:17:53.677200079 CET49696443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:17:53.687891006 CET4969780192.168.2.16192.229.221.95
                                  Jan 6, 2025 16:17:53.693069935 CET8049697192.229.221.95192.168.2.16
                                  Jan 6, 2025 16:17:53.693141937 CET4969780192.168.2.16192.229.221.95
                                  Jan 6, 2025 16:17:56.005820036 CET49698443192.168.2.1620.190.159.71
                                  Jan 6, 2025 16:17:56.011185884 CET4434969820.190.159.71192.168.2.16
                                  Jan 6, 2025 16:17:56.011274099 CET49698443192.168.2.1620.190.159.71
                                  Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                  Jan 6, 2025 16:17:43.059256077 CET53588891.1.1.1192.168.2.16
                                  Jan 6, 2025 16:17:44.658243895 CET53635531.1.1.1192.168.2.16
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Jan 6, 2025 16:16:16.111385107 CET | 192.168.2.16 | 1.1.1.1 | 0xdd52 | Standard query (0) | hacdct-my.sharepoint.com | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.111567020 CET | 192.168.2.16 | 1.1.1.1 | 0xf061 | Standard query (0) | hacdct-my.sharepoint.com | 65 | IN (0x0001) | false
                                  Jan 6, 2025 16:16:17.490144968 CET | 192.168.2.16 | 1.1.1.1 | 0x2978 | Standard query (0) | nam12.safelinks.protection.outlook.com | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:17.490257978 CET | 192.168.2.16 | 1.1.1.1 | 0x7eb6 | Standard query (0) | nam12.safelinks.protection.outlook.com | 65 | IN (0x0001) | false
                                  Jan 6, 2025 16:16:20.036180019 CET | 192.168.2.16 | 1.1.1.1 | 0xc8e4 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:20.036391973 CET | 192.168.2.16 | 1.1.1.1 | 0x6b02 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                  Jan 6, 2025 16:16:23.200285912 CET | 192.168.2.16 | 1.1.1.1 | 0xbe8b | Standard query (0) | nam12.safelinks.protection.outlook.com | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:23.200416088 CET | 192.168.2.16 | 1.1.1.1 | 0x84e8 | Standard query (0) | nam12.safelinks.protection.outlook.com | 65 | IN (0x0001) | false
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Jan 6, 2025 16:16:16.142092943 CET | 1.1.1.1 | 192.168.2.16 | 0xdd52 | No error (0) | hacdct-my.sharepoint.com | hacdct.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.142092943 CET | 1.1.1.1 | 192.168.2.16 | 0xdd52 | No error (0) | hacdct.sharepoint.com | 10310-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.142092943 CET | 1.1.1.1 | 192.168.2.16 | 0xdd52 | No error (0) | 10310-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com | 193965-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.142092943 CET | 1.1.1.1 | 192.168.2.16 | 0xdd52 | No error (0) | 193965-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com | 193965-ipv4v6e.farm.dprodmgd105.sharepointonline.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.142092943 CET | 1.1.1.1 | 192.168.2.16 | 0xdd52 | No error (0) | 193965-ipv4v6.farm.dprodmgd105.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net | dual-spo-0005.spo-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.142092943 CET | 1.1.1.1 | 192.168.2.16 | 0xdd52 | No error (0) | dual-spo-0005.spo-msedge.net | | 13.107.136.10 | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.142092943 CET | 1.1.1.1 | 192.168.2.16 | 0xdd52 | No error (0) | dual-spo-0005.spo-msedge.net | | 13.107.138.10 | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.157211065 CET | 1.1.1.1 | 192.168.2.16 | 0xf061 | No error (0) | hacdct-my.sharepoint.com | hacdct.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.157211065 CET | 1.1.1.1 | 192.168.2.16 | 0xf061 | No error (0) | hacdct.sharepoint.com | 10310-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.157211065 CET | 1.1.1.1 | 192.168.2.16 | 0xf061 | No error (0) | 10310-ipv4v6e.clump.dprodmgd105.aa-rt.sharepoint.com | 193965-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:16.157211065 CET | 1.1.1.1 | 192.168.2.16 | 0xf061 | No error (0) | 193965-ipv4v6e.farm.dprodmgd105.aa-rt.sharepoint.com | 193965-ipv4v6e.farm.dprodmgd105.sharepointonline.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:17.497354031 CET | 1.1.1.1 | 192.168.2.16 | 0x7eb6 | No error (0) | nam12.safelinks.protection.outlook.com | nam12.safelinks.eop-tm2.outlook.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:17.497538090 CET | 1.1.1.1 | 192.168.2.16 | 0x2978 | No error (0) | nam12.safelinks.protection.outlook.com | nam12.safelinks.eop-tm2.outlook.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:17.497538090 CET | 1.1.1.1 | 192.168.2.16 | 0x2978 | No error (0) | nam12.safelinks.eop-tm2.outlook.com | | 104.47.55.156 | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:17.497538090 CET | 1.1.1.1 | 192.168.2.16 | 0x2978 | No error (0) | nam12.safelinks.eop-tm2.outlook.com | | 104.47.66.28 | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:17.497538090 CET | 1.1.1.1 | 192.168.2.16 | 0x2978 | No error (0) | nam12.safelinks.eop-tm2.outlook.com | | 104.47.59.156 | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:20.043005943 CET | 1.1.1.1 | 192.168.2.16 | 0x6b02 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                  Jan 6, 2025 16:16:20.043570995 CET | 1.1.1.1 | 192.168.2.16 | 0xc8e4 | No error (0) | www.google.com | | 142.250.185.228 | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:23.208024979 CET | 1.1.1.1 | 192.168.2.16 | 0x84e8 | No error (0) | nam12.safelinks.protection.outlook.com | nam12.safelinks.eop-tm2.outlook.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:23.208038092 CET | 1.1.1.1 | 192.168.2.16 | 0xbe8b | No error (0) | nam12.safelinks.protection.outlook.com | nam12.safelinks.eop-tm2.outlook.com | | CNAME (Canonical name) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:23.208038092 CET | 1.1.1.1 | 192.168.2.16 | 0xbe8b | No error (0) | nam12.safelinks.eop-tm2.outlook.com | | 104.47.66.28 | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:23.208038092 CET | 1.1.1.1 | 192.168.2.16 | 0xbe8b | No error (0) | nam12.safelinks.eop-tm2.outlook.com | | 104.47.59.156 | A (IP address) | IN (0x0001) | false
                                  Jan 6, 2025 16:16:23.208038092 CET | 1.1.1.1 | 192.168.2.16 | 0xbe8b | No error (0) | nam12.safelinks.eop-tm2.outlook.com | | 104.47.55.156 | A (IP address) | IN (0x0001) | false
                                  • hacdct-my.sharepoint.com
                                  • nam12.safelinks.protection.outlook.com
                                  • https:
                                  • www.google.com
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.16 | 49707 | 13.107.136.10 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:16:16 UTC | 1173 | OUT | GET /:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d HTTP/1.1
                                  Host: hacdct-my.sharepoint.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:16:17 UTC | 2286 | IN | HTTP/1.1 302 Found
                                  Cache-Control: private
                                  Content-Length: 1226
                                  Content-Type: text/html; charset=utf-8
                                  Location: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhacdct-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fdmarra_hacdct_org%2FEl0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ%3Femail%3Ddhodder%2540haigroup.com%26e%3Dd37USF&data=05%7C02%7Cjmckinley%40haigroup.com%7C2c616c7d8e6e4ac902e208dd2e63b1f2%7C82815b8c3775459997c72b87528e6f83%7C0%7C0%7C638717733773919628%7CBad%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%3D%7C1%7CMmM2MTZjN2QtOGU2ZS00YWM5LTAyZTItMDhkZDJlNjNiMWYy%7C0d63eec6f40a40a61eb008dd2e65114f%7Cd0e574a13013700 [TRUNCATED]
                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                  X-NetworkStatistics: 0,1051136,0,11,2202101,0,1051136,10
                                  X-SharePointHealthScore: 2
                                  Referrer-Policy: no-referrer, strict-origin-when-cross-origin
                                  SharePointError: 0
                                  X-AspNet-Version: 4.0.30319
                                  SPRequestDuration: 584
                                  SPIisLatency: 4
                                  X-DataBoundary: NONE
                                  X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
                                  X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
                                  SPRequestGuid: d0e574a1-3013-7000-6fe3-47f95fd4de68
                                  request-id: d0e574a1-3013-7000-6fe3-47f95fd4de68
                                  MS-CV: oXTl0BMwAHBv40f5X9TeaA.0
                                  Alt-Svc: h3=":443";ma=86400
                                  Strict-Transport-Security: max-age=31536000
                                  X-Powered-By: ASP.NET
                                  MicrosoftSharePointTeamServices: 16.0.0.25520
                                  X-Content-Type-Options: nosniff
                                  X-MS-InvokeApp: 1; RequireReadOnly
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: 34C8D6FC30774F6A87ABD18E38E76781 Ref B: EWR311000106053 Ref C: 2025-01-06T15:16:16Z
                                  Date: Mon, 06 Jan 2025 15:16:16 GMT
                                  Connection: close
                                  2025-01-06 15:16:17 UTC | 1226 | IN | Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhacdct-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fdmarra_hacdct_org%2FEl0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.16 | 49708 | 104.47.55.156 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:16:18 UTC1731OUTGET /?url=https%3A%2F%2Fhacdct-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fdmarra_hacdct_org%2FEl0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ%3Femail%3Ddhodder%2540haigroup.com%26e%3Dd37USF&data=05%7C02%7Cjmckinley%40haigroup.com%7C2c616c7d8e6e4ac902e208dd2e63b1f2%7C82815b8c3775459997c72b87528e6f83%7C0%7C0%7C638717733773919628%7CBad%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%3D%7C1%7CMmM2MTZjN2QtOGU2ZS00YWM5LTAyZTItMDhkZDJlNjNiMWYy%7C0d63eec6f40a40a61eb008dd2e65114f%7Cd0e574a1301370006fe347f95fd4de68&sdata=1UyEb4w3m4XTtJ0Nea6%2FAwYVF0 [TRUNCATED]
                                  Host: nam12.safelinks.protection.outlook.com
                                  Connection: keep-alive
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:16:22 UTC | 613 | IN | HTTP/1.1 200 OK
                                  Cache-Control: private
                                  Content-Type: text/html; charset=utf-8
                                  Server: Microsoft-IIS/10.0
                                  X-AspNetMvc-Version: 5.2
                                  X-SL-GetUrlReputation-Verdict: Bad
                                  X-Robots-Tag: noindex, nofollow
                                  X-AspNet-Version: 4.0.30319
                                  X-ServerName: BN8NAM12WS065
                                  X-ServerVersion: 15.20.8335.007
                                  X-ServerLat: 4230
                                  X-SafeLinks-Tracking-Id: 072669bc-e627-42c2-0a8b-08dd2e6511ca
                                  X-Powered-By: ASP.NET
                                  X-Content-Type-Options: nosniff
                                  X-UA-Compatible: IE=Edge
                                  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                  Date: Mon, 06 Jan 2025 15:16:21 GMT
                                  Connection: close
                                  Content-Length: 17327
                                  2025-01-06 15:16:22 UTC | 15771 | IN | Data Ascii: <!doctype html><html><head> <meta charset="UTF-8"> <title>Microsoft Defender for Office 365</title> <meta name="referrer" content="same-origin" /> <meta name="robots" content="noindex,nofollow" /> <link rel="icon" href="data:,


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  2 | 192.168.2.16 | 49713 | 104.47.55.156 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:16:23 UTC | 1656 | OUT | GET /Content/Scripts/safelinksv2.css HTTP/1.1
                                  Host: nam12.safelinks.protection.outlook.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: text/css,*/*;q=0.1
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: style
                                  Referer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhacdct-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fdmarra_hacdct_org%2FEl0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ%3Femail%3Ddhodder%2540haigroup.com%26e%3Dd37USF&data=05%7C02%7Cjmckinley%40haigroup.com%7C2c616c7d8e6e4ac902e208dd2e63b1f2%7C82815b8c3775459997c72b87528e6f83%7C0%7C0%7C638717733773919628%7CBad%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%3D%7C1%7CMmM2MTZjN2QtOGU2ZS00YWM5LTAyZTItMDhkZDJlNjNiMWYy%7C0d63eec6f40a40a61eb008dd2e65114f%7Cd0e574a130137000 [TRUNCATED]
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:16:23 UTC | 539 | IN | HTTP/1.1 200 OK
                                  Content-Type: text/css
                                  Last-Modified: Sun, 05 Jan 2025 11:35:22 GMT
                                  Accept-Ranges: bytes
                                  ETag: "039a1e7655fdb1:0"
                                  Server: Microsoft-IIS/10.0
                                  X-ServerName: BN8NAM12WS050
                                  X-ServerVersion: 15.20.8335.010
                                  X-ServerLat: 0
                                  X-SafeLinks-Tracking-Id: b30dd47d-ec1b-472d-d7ca-08dd2e6514bb
                                  X-Powered-By: ASP.NET
                                  X-Content-Type-Options: nosniff
                                  X-UA-Compatible: IE=Edge
                                  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                  Date: Mon, 06 Jan 2025 15:16:22 GMT
                                  Connection: close
                                  Content-Length: 3932
                                  2025-01-06 15:16:23 UTC | 3932 | IN | Data Ascii: @charset "UTF-8";/* CSS Document */body{margin:0px;padding:0px;}div{ text-align:left;}#recommendation_container{width:100%;}#icon img {margin-left: 40px;margin-top: 45px;}#url {height: 32px;background-co


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  3 | 192.168.2.16 | 49714 | 104.47.55.156 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:16:23 UTC | 1634 | OUT | GET /Content/Scripts/site.js HTTP/1.1
                                  Host: nam12.safelinks.protection.outlook.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: script
                                  Referer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhacdct-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fdmarra_hacdct_org%2FEl0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ%3Femail%3Ddhodder%2540haigroup.com%26e%3Dd37USF&data=05%7C02%7Cjmckinley%40haigroup.com%7C2c616c7d8e6e4ac902e208dd2e63b1f2%7C82815b8c3775459997c72b87528e6f83%7C0%7C0%7C638717733773919628%7CBad%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyLCJBUCI6eyJGSWQiOiIxOTM5NjUiLCJGTGJsIjoiVVNfMzQyX0NvbnRlbnQiLCJHZW8iOiJOQU0iLCJSZXFJZCI6ImNlZTU3NGExLTUwNDMtNzAwMC02ZmUzLTQ3ZTAzZDAwZmNhZCIsIk1JZCI6Ijc3OTgzMjQiLCJNTmFtZSI6IlVTUjE5Mzk2NS05MDEiLCJDbGllbnRJUCI6IjguNDYuMTIzLjE4OSIsIkNsaWVudC1BZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTcuMC4wLjAgU2FmYXJpLzUzNy4zNiIsIkNJRC1PcmlnaW4iOiJTUE8ifX0%3D%7C1%7CMmM2MTZjN2QtOGU2ZS00YWM5LTAyZTItMDhkZDJlNjNiMWYy%7C0d63eec6f40a40a61eb008dd2e65114f%7Cd0e574a130137000 [TRUNCATED]
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:16:23 UTC | 553 | IN | HTTP/1.1 200 OK
                                  Content-Type: application/javascript
                                  Last-Modified: Sat, 04 Jan 2025 08:18:50 GMT
                                  Accept-Ranges: bytes
                                  ETag: "011a348815edb1:0"
                                  Server: Microsoft-IIS/10.0
                                  X-ServerName: BN8NAM12WS062
                                  X-ServerVersion: 15.20.8335.007
                                  X-ServerLat: 0
                                  X-SafeLinks-Tracking-Id: 1656f3bd-9548-47a8-79b0-08dd2e6514c2
                                  X-Powered-By: ASP.NET
                                  X-Content-Type-Options: nosniff
                                  X-UA-Compatible: IE=Edge
                                  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                  Date: Mon, 06 Jan 2025 15:16:22 GMT
                                  Connection: close
                                  Content-Length: 1588
                                  2025-01-06 15:16:23 UTC | 1588 | IN | Data Ascii: window.onload = function OnLoadHandler(){if (window.history.length <= 1) {document.getElementById("close").style.display = "none";}}var theme = null;try { (function (URLSearchParams, str) { if (!new URLSearchParams(window.locatio


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  4 | 192.168.2.16 | 49715 | 104.47.55.156 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:16:23 UTC | 1695 | OUT | GET /Content/images/cross.png HTTP/1.1
                                  Host: nam12.safelinks.protection.outlook.com
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhacdct-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fdmarra_hacdct_org%2FEl0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ%3Femail%3Ddhodder%2540haigroup.com%26e%3Dd37USF&data=05%7C02%7Cjmckinley%40haigroup.com%7C2c616c7d8e6e4ac902e208dd2e63b1f2%7C82815b8c3775459997c72b87528e6f83%7C0%7C0%7C638717733773919628%7CBad%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%3D%7C1%7CMmM2MTZjN2QtOGU2ZS00YWM5LTAyZTItMDhkZDJlNjNiMWYy%7C0d63eec6f40a40a61eb008dd2e65114f%7Cd0e574a130137000 [TRUNCATED]
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:16:23 UTC | 541 | IN | HTTP/1.1 200 OK
                                  Content-Type: image/png
                                  Last-Modified: Sat, 04 Jan 2025 08:18:32 GMT
                                  Accept-Ranges: bytes
                                  ETag: "07ce83d815edb1:0"
                                  Server: Microsoft-IIS/10.0
                                  X-ServerName: BN8NAM12WS068
                                  X-ServerVersion: 15.20.8335.007
                                  X-ServerLat: 0
                                  X-SafeLinks-Tracking-Id: dac770c3-a803-49e3-76ba-08dd2e65152a
                                  X-Powered-By: ASP.NET
                                  X-Content-Type-Options: nosniff
                                  X-UA-Compatible: IE=Edge
                                  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                  Date: Mon, 06 Jan 2025 15:16:23 GMT
                                  Connection: close
                                  Content-Length: 25664


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  5 | 192.168.2.16 | 49716 | 104.47.66.28 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:16:24 UTC | 385 | OUT | GET /Content/Scripts/site.js HTTP/1.1
                                  Host: nam12.safelinks.protection.outlook.com
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:16:24 UTC | 553 | IN | HTTP/1.1 200 OK
                                  Content-Type: application/javascript
                                  Last-Modified: Sat, 04 Jan 2025 08:18:50 GMT
                                  Accept-Ranges: bytes
                                  ETag: "011a348815edb1:0"
                                  Server: Microsoft-IIS/10.0
                                  X-ServerName: MW2NAM12WS003
                                  X-ServerVersion: 15.20.8335.007
                                  X-ServerLat: 0
                                  X-SafeLinks-Tracking-Id: 1be2803f-c3d3-476f-70f5-08dd2e65155f
                                  X-Powered-By: ASP.NET
                                  X-Content-Type-Options: nosniff
                                  X-UA-Compatible: IE=Edge
                                  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                  Date: Mon, 06 Jan 2025 15:16:23 GMT
                                  Connection: close
                                  Content-Length: 1588
                                  2025-01-06 15:16:24 UTC | 1588 | IN | Data Ascii: window.onload = function OnLoadHandler(){if (window.history.length <= 1) {document.getElementById("close").style.display = "none";}}var theme = null;try { (function (URLSearchParams, str) { if (!new URLSearchParams(window.locatio


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  6 | 192.168.2.16 | 49717 | 104.47.66.28 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:16:24 UTC | 386 | OUT | GET /Content/images/cross.png HTTP/1.1
                                  Host: nam12.safelinks.protection.outlook.com
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:16:25 UTC | 541 | IN | HTTP/1.1 200 OK
                                  Content-Type: image/png
                                  Last-Modified: Sat, 04 Jan 2025 08:18:32 GMT
                                  Accept-Ranges: bytes
                                  ETag: "07ce83d815edb1:0"
                                  Server: Microsoft-IIS/10.0
                                  X-ServerName: MW2NAM12WS011
                                  X-ServerVersion: 15.20.8335.007
                                  X-ServerLat: 0
                                  X-SafeLinks-Tracking-Id: 68cb5ea8-a0c1-41e4-c8c5-08dd2e6515d0
                                  X-Powered-By: ASP.NET
                                  X-Content-Type-Options: nosniff
                                  X-UA-Compatible: IE=Edge
                                  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                  Date: Mon, 06 Jan 2025 15:16:24 GMT
                                  Connection: close
                                  Content-Length: 25664


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  7 | 192.168.2.16 | 49723 | 142.250.185.228 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:17:41 UTC | 627 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:17:42 UTC | 1266 | IN | HTTP/1.1 200 OK
                                  Date: Mon, 06 Jan 2025 15:17:42 GMT
                                  Pragma: no-cache
                                  Expires: -1
                                  Cache-Control: no-cache, must-revalidate
                                  Content-Type: text/javascript; charset=UTF-8
                                  Strict-Transport-Security: max-age=31536000
                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-UGjUBWhI3aKEUDmBKnFfQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                  Accept-CH: Sec-CH-UA-Form-Factors
                                  Accept-CH: Sec-CH-UA-Platform
                                  Accept-CH: Sec-CH-UA-Platform-Version
                                  Accept-CH: Sec-CH-UA-Full-Version
                                  Accept-CH: Sec-CH-UA-Arch
                                  Accept-CH: Sec-CH-UA-Model
                                  Accept-CH: Sec-CH-UA-Bitness
                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                  Accept-CH: Sec-CH-UA-WoW64
                                  Permissions-Policy: unload=()
                                  Content-Disposition: attachment; filename="f.txt"
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2025-01-06 15:17:42 UTC | 124 | IN | Data Ascii: 33b)]}'["",["tiktok banned","epiphany house blessing catholic","amtrak train cancellations winter storm","college basketb
                                  2025-01-06 15:17:42 UTC | 710 | IN | Data Ascii: all rankings","nvidia geforce rtx 5090","ohio snow emergency levels","starlink united airlines","streaming movies"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d"
                                  2025-01-06 15:17:42 UTC | 5 | IN | Data Ascii: 0


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  8 | 192.168.2.16 | 49724 | 142.250.185.228 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:17:42 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:17:42 UTC | 1018 | IN | HTTP/1.1 200 OK
                                  Version: 705503573
                                  Content-Type: application/json; charset=UTF-8
                                  X-Content-Type-Options: nosniff
                                  Strict-Transport-Security: max-age=31536000
                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                  Accept-CH: Sec-CH-UA-Form-Factors
                                  Accept-CH: Sec-CH-UA-Platform
                                  Accept-CH: Sec-CH-UA-Platform-Version
                                  Accept-CH: Sec-CH-UA-Full-Version
                                  Accept-CH: Sec-CH-UA-Arch
                                  Accept-CH: Sec-CH-UA-Model
                                  Accept-CH: Sec-CH-UA-Bitness
                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                  Accept-CH: Sec-CH-UA-WoW64
                                  Permissions-Policy: unload=()
                                  Content-Disposition: attachment; filename="f.txt"
                                  Date: Mon, 06 Jan 2025 15:17:42 GMT
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2025-01-06 15:17:42 UTC | 25 | IN | Data Ascii: 13)]}'{"ddljson":{}}
                                  2025-01-06 15:17:42 UTC | 5 | IN | Data Ascii: 0


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  9 | 192.168.2.16 | 49726 | 142.250.185.228 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:17:42 UTC | 530 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:17:42 UTC | 1018 | IN | HTTP/1.1 200 OK
                                  Version: 705503573
                                  Content-Type: application/json; charset=UTF-8
                                  X-Content-Type-Options: nosniff
                                  Strict-Transport-Security: max-age=31536000
                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                  Accept-CH: Sec-CH-UA-Form-Factors
                                  Accept-CH: Sec-CH-UA-Platform
                                  Accept-CH: Sec-CH-UA-Platform-Version
                                  Accept-CH: Sec-CH-UA-Full-Version
                                  Accept-CH: Sec-CH-UA-Arch
                                  Accept-CH: Sec-CH-UA-Model
                                  Accept-CH: Sec-CH-UA-Bitness
                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                  Accept-CH: Sec-CH-UA-WoW64
                                  Permissions-Policy: unload=()
                                  Content-Disposition: attachment; filename="f.txt"
                                  Date: Mon, 06 Jan 2025 15:17:42 GMT
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  10 | 192.168.2.16 | 49725 | 142.250.185.228 | 443 | 7020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2025-01-06 15:17:42 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                  Host: www.google.com
                                  Connection: keep-alive
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2025-01-06 15:17:42 UTC | 933 | IN | HTTP/1.1 200 OK
                                  Version: 705503573
                                  Content-Type: application/json; charset=UTF-8
                                  X-Content-Type-Options: nosniff
                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                  Accept-CH: Sec-CH-UA-Form-Factors
                                  Accept-CH: Sec-CH-UA-Platform
                                  Accept-CH: Sec-CH-UA-Platform-Version
                                  Accept-CH: Sec-CH-UA-Full-Version
                                  Accept-CH: Sec-CH-UA-Arch
                                  Accept-CH: Sec-CH-UA-Model
                                  Accept-CH: Sec-CH-UA-Bitness
                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                  Accept-CH: Sec-CH-UA-WoW64
                                  Permissions-Policy: unload=()
                                  Content-Disposition: attachment; filename="f.txt"
                                  Date: Mon, 06 Jan 2025 15:17:42 GMT
                                  Server: gws
                                  X-XSS-Protection: 0
                                  X-Frame-Options: SAMEORIGIN
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Accept-Ranges: none
                                  Vary: Accept-Encoding
                                  Connection: close
                                  Transfer-Encoding: chunked
                                  2025-01-06 15:17:42 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                  Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                  2025-01-06 15:17:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Target ID:0
                                  Start time:10:16:13
                                  Start date:06/01/2025
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                  Imagebase:0x7ff7f9810000
                                  File size:3'242'272 bytes
                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                  Target ID:1
                                  Start time:10:16:13
                                  Start date:06/01/2025
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1976,i,17775890486648256168,7618865636179673741,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Imagebase:0x7ff7f9810000
                                  File size:3'242'272 bytes
                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                  Target ID:3
                                  Start time:10:16:14
                                  Start date:06/01/2025
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hacdct-my.sharepoint.com/:f:/g/personal/dmarra_hacdct_org/El0CfhNMVMNNuzPj6QGnrSQBywVLNW96w_XrX10UdRlfmQ?email=dhodder%40haigroup.com&e=d37USF&xsdata=MDV8MDJ8am1ja2lubGV5QGhhaWdyb3VwLmNvbXwyYzYxNmM3ZDhlNmU0YWM5MDJlMjA4ZGQyZTYzYjFmMnw4MjgxNWI4YzM3NzU0NTk5OTdjNzJiODc1MjhlNmY4M3wwfDB8NjM4NzE3NzMyNjY3MjIxNDQzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXw0MDAwfHx8&sdata=bXM5KzduUjdVc3RFaFJsU1ZBR1d1enMxT3I3VitIdmc4MUlhZ25WT3dmWT0%3d"
                                  Imagebase:0x7ff7f9810000
                                  File size:3'242'272 bytes
                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                  No disassembly