
Windows Analysis Report
https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2

Overview

General Information

Sample URL: https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=29324177
Analysis ID: 1653607

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
HTML title does not match URL

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w10x64
  • chrome.exe (PID: 3520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,7632261494517681474,106541947582837358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2096 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 5428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: https://3474889.cfd/?pzu1ue0fb=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 Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL '3474889.cfd' does not match the legitimate domain for Microsoft., The URL uses a '.cfd' domain extension, which is unusual for a well-known brand like Microsoft., The URL does not contain any recognizable elements related to Microsoft, which is suspicious., The presence of input fields for 'Email, phone, or Skype' is typical for phishing attempts targeting Microsoft accounts. DOM: 3.3.pages.csv
Source: 3.6..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://3474889.cfd/?pzu1ue0fb=aHR0cHM6Ly9sb2dpbi5... This script demonstrates high-risk behavior. It attempts to redirect the user to a different domain, which could be a sign of a phishing or malicious attempt. The use of `unescape` and dynamic `document.write` also indicates potential code injection or obfuscation, which are common techniques used in malicious scripts.
Source: https://3474889.cfd/?pzu1ue0fb=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 Parser: Title: Sign in to your Microsoft account does not match URL
Source: https://3474889.cfd/?pzu1ue0fb=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 Parser: Iframe src: https://fpt.live.com?session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
Source: https://storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2 HTTP Parser: No favicon
Source: https://3474889.cfd/?pzu1ue0fb=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 Parser: No favicon
Source: https://3474889.cfd/?pzu1ue0fb=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 Parser: No <meta name="author".. found
Source: https://3474889.cfd/?pzu1ue0fb=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/Y2xpZW50X2lkPTIyOWY0ZDYxLTA3ZWItNDU0YS05NDUzLWQyN2JiYTdjYzk1YiZzY29wZT1TZWNyZXRzLlJlYWRXcml0ZS5DcmVhdGVkQnlBcHAuU2VjdXJlK29mZmxpbmVfYWNjZXNzJnJlZGlyZWN0X3VyaT1odHRwcyUzYSUyZiUyZmxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20lMmZjb21tb24lMmZvYXV0aDIlMmZuYXRpdmVjbGllbnQmcmVzcG9uc2VfdHlwZT1jb2RlJnN0YXRlPSU3YiUyMmlkJTIyJTNhJTIyZmllZGJmZ2NsZWRkbGJjbWdkaWdqZ2RmY2dnamNpb24lMjIlN2QmcmVzcG9uc2VfbW9kZT1xdWVyeSZ1YWlkPTdjNDg2NzA3NzFlYzRhMDE5NTQ5OGZkMzY0YjQ3OWFiJm1zcHJveHk9MSZpc3N1ZXI9bXNvJnRlbmFudD1jb25zdW1lcnMmdWlfbG9jYWxlcz1lbi1VUyZlcGN0PVBBUUFCRGdFQUFBQlZyU3BldVdhbVJhbTJqQUYxWFJRRU5PcGlacHdhejlCaEVrajBaVzZnZG9aUHk1M1ljYno1RXRUUHZ5X0lJMWh6eEZ4MTI5UmhWSzVzSllHOHFHdEdCaGZuOUJ3WmRDYkpjMkJJWGZYWFl1VFBBcTQ2bGNFMmVxZW9kRTZUcW42MGhsa091NHpCa2J0c3hzeHNaTk4xU3pBenJNNUxxRHJzWURSczVLV2FPR25CdVVGWU54dDRVRmRGNWJGWWJpNzBFc0k2cWRHbU1rVjBaZXdKWjNaY2Ixc1pKMDg0ZDFFSy1CUy1YOGFsTXlBQSZqc2hzPTAjHTTP Parser: No <meta name="author".. found
Source: https://3474889.cfd/?pzu1ue0fb=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/Y2xpZW50X2lkPTIyOWY0ZDYxLTA3ZWItNDU0YS05NDUzLWQyN2JiYTdjYzk1YiZzY29wZT1TZWNyZXRzLlJlYWRXcml0ZS5DcmVhdGVkQnlBcHAuU2VjdXJlK29mZmxpbmVfYWNjZXNzJnJlZGlyZWN0X3VyaT1odHRwcyUzYSUyZiUyZmxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20lMmZjb21tb24lMmZvYXV0aDIlMmZuYXRpdmVjbGllbnQmcmVzcG9uc2VfdHlwZT1jb2RlJnN0YXRlPSU3YiUyMmlkJTIyJTNhJTIyZmllZGJmZ2NsZWRkbGJjbWdkaWdqZ2RmY2dnamNpb24lMjIlN2QmcmVzcG9uc2VfbW9kZT1xdWVyeSZ1YWlkPTdjNDg2NzA3NzFlYzRhMDE5NTQ5OGZkMzY0YjQ3OWFiJm1zcHJveHk9MSZpc3N1ZXI9bXNvJnRlbmFudD1jb25zdW1lcnMmdWlfbG9jYWxlcz1lbi1VUyZlcGN0PVBBUUFCRGdFQUFBQlZyU3BldVdhbVJhbTJqQUYxWFJRRU5PcGlacHdhejlCaEVrajBaVzZnZG9aUHk1M1ljYno1RXRUUHZ5X0lJMWh6eEZ4MTI5UmhWSzVzSllHOHFHdEdCaGZuOUJ3WmRDYkpjMkJJWGZYWFl1VFBBcTQ2bGNFMmVxZW9kRTZUcW42MGhsa091NHpCa2J0c3hzeHNaTk4xU3pBenJNNUxxRHJzWURSczVLV2FPR25CdVVGWU54dDRVRmRGNWJGWWJpNzBFc0k2cWRHbU1rVjBaZXdKWjNaY2Ixc1pKMDg0ZDFFSy1CUy1YOGFsTXlBQSZqc2hzPTAjHTTP Parser: No <meta name="copyright".. found
Source: https://3474889.cfd/?pzu1ue0fb=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 Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.7:49688 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.65.225:443 -> 192.168.2.7:49689 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.65.225:443 -> 192.168.2.7:49690 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.251.35.161:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.251.40.196:443 -> 192.168.2.7:49698 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.255.106.15:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.255.106.15:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.255.117.88:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.255.117.88:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.72.243.62:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.255.117.88:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.72.99
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2 HTTP/1.1Host: cdn.ampproject.orgConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2 HTTP/1.1Host: storage-googleapis-com.cdn.ampproject.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/icons/product/cloud_storage-32.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://storage.googleapis.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/icons/product/cloud_storage-32.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiKo8sBCIWgzQE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /dashboard/?app=c3RlZmZlbi5ldWxpdHpAbmlwcG9uZ2FzZXMuY29t&utm_id=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU=&ut_adi_h1j6TQ=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU= HTTP/1.1Host: session-auth.5436245745.infoConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://storage.googleapis.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: session-auth.5436245745.infoConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://session-auth.5436245745.info/dashboard/?app=c3RlZmZlbi5ldWxpdHpAbmlwcG9uZ2FzZXMuY29t&utm_id=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU=&ut_adi_h1j6TQ=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /?xbytndgh HTTP/1.1Host: 3474889.cfdConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://session-auth.5436245745.info/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /__//eqpuwogtu/qcwvj2/x2.0/cwvjqtkbg?tgurqpug_varg=eqfg&ueqrg=Ugetgvu.TgcfYtkvg.EtgcvgfDaCrr.Ugewtg%20qhhnkpg_ceeguu&enkgpv_kf=229h4f61-07gd-454c-9453-f27ddc7ee95d&tgfktgev_wtk=jvvru%3C%2H%2Hnqikp.oketquqhvqpnkpg.eqo%2Heqooqp%2Hqcwvj2%2Hpcvkxgenkgpv&tgurqpug_oqfg=swgta&uvcvg=%7D%22kf%22%3C%22hkgfdhiengffndeoifkilifheiilekqp%22%7F HTTP/1.1Host: 3474889.cfdConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://session-auth.5436245745.info/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA
Source: global trafficHTTP traffic detected: GET /?pzu1ue0fb=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 HTTP/1.1Host: 3474889.cfdConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://session-auth.5436245745.info/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global trafficHTTP traffic detected: GET /?session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI HTTP/1.1Host: fpt.live.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://3474889.cfd/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /GetExperimentAssignments.srf HTTP/1.1Host: 3474889.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MSPRequ=id=N&lt=1743506793&co=1; uaid=7c48670771ec4a0195498fd364b479ab; MSPOK=$uuid-5e85ee6d-c02f-49fb-bd00-7b43719bd627; OParams=11O.DlMeEeSvIIp4Z48xfcF!KVpmIdE*XZ85q*Cxh*tH6vm6Ak707OaMVc7mm8AazVLvCGs!lt7k7DymYaWmBs6sASCOS4JpVLqmtrpU8Z7BhfF3AMBzNKepp8QX*Hk8SSlGbANjAtNiXdPWufIHxncu46LS5*cuJhbuezzqEn06*G4m443dTAAF4iP15w*qIgwZxg5pEFJTpH4qMG8xCyNz5bUChWLVgsyd1P2Y0oEXoo0yKPgWmeqd!NjOQufXmsAtKLhEz1cYDsBJ7EnrMazwkKTuOBIOmc*3ZaiPxq6l6RuejerTUoTfq!X!L2*uLSZVeglCIR6gFk67y*L64XE8lyjJ71VhQ9Xn7cYahyyOgf5nK8gRCjA6BtYGfXYgHwAT6nI5UvnyCX37r*8XpXQ9DQt78FHUEpC2uO9AOg39mi!rHyjmYfuJsTrNwWumuxrpbrESoCeGUhOTfvzVc!yG9WoFbAn3W0SRmvwnsO8D!ev1WFkaFgUrQnupe0nbMT3rfX35TeyP!KGhrUCEeb2mm9RXEP0y4v!5t6aBcsutg5ysFRcZvhzo9jy9qAkZCP6f0PfZk7k2QMuJ1iu2w51d21h45WH!YEOHAJK9u5rShoz9FGQjdkIdgnx1mlHXqjA8HpJ8Z8KwBTXnLzRajoh3gtzkLUBv7UXo5zVwzrPOsKnMOpDedLJYMjCsVqHpwtrHFQ7bWScRE1XyCtzIrs3!lqqKv8MwoyfJsLlJny66kg!57r5G9HDFMVSG93uiCsoEGCcHCqnzBUaTdUU32*W8wkXmPqMSLUsygJPMUrmfP!NsTK1hNP3kuLOU!IfP07vyYDAufomQqnzE1XI4IgtZuZc$; MicrosoftApplicationsTelemetryDeviceId=249c523e-c99b-41a1-963c-cb1115b0cbd0; ai_session=Mc3/5GKzMULMs38HcksbUP|1743506796878|1743506796878
Source: global trafficHTTP traffic detected: GET /Images/Clear.PNG?ctx=jscb1.0&session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=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&eci=eyJ1dmRyIjoiR29vZ2xlIEluYy4gKEdvb2dsZSkiLCJ1cmRyIjoiQU5HTEUgKEdvb2dsZSwgVnVsa2FuIDEuMy4wIChTd2lmdFNoYWRlciBEZXZpY2UgKFN1Ynplcm8pICgweDAwMDBDMERFKSksIFN3aWZ0U2hhZGVyIGRyaXZlcikiLCJ2ZHIiOiJXZWJLaXQiLCJyZHIiOiJXZWJLaXQgV2ViR0wiLCJpZHVoIjoiOTA0ZGQ5YjYyOTk4ZTc0ZjBhNGQxYzhmM2U1MjM3ZDUifQ==&PageId=SI&u1=&u3=10.0.0&u4=x86&u5=64&u2=(Chromium%2C134.0.6998.36)%2C(Not%3AA-Brand%2C24.0.0.0)%2C(Google%20Chrome%2C134.0.6998.36) HTTP/1.1Host: fpt.live.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://fpt.live.com/?session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /GetCredentialType.srf?opid=B9D4FAAB0E60CB96&id=294521&client_id=000000004C372D0D&client_id=229f4d61-07eb-454a-9453-d27bba7cc95b&mkt=EN-US&lc=1033&uaid=7c48670771ec4a0195498fd364b479ab HTTP/1.1Host: 3474889.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MSPRequ=id=N&lt=1743506793&co=1; uaid=7c48670771ec4a0195498fd364b479ab; OParams=11O.DlMeEeSvIIp4Z48xfcF!KVpmIdE*XZ85q*Cxh*tH6vm6Ak707OaMVc7mm8AazVLvCGs!lt7k7DymYaWmBs6sASCOS4JpVLqmtrpU8Z7BhfF3AMBzNKepp8QX*Hk8SSlGbANjAtNiXdPWufIHxncu46LS5*cuJhbuezzqEn06*G4m443dTAAF4iP15w*qIgwZxg5pEFJTpH4qMG8xCyNz5bUChWLVgsyd1P2Y0oEXoo0yKPgWmeqd!NjOQufXmsAtKLhEz1cYDsBJ7EnrMazwkKTuOBIOmc*3ZaiPxq6l6RuejerTUoTfq!X!L2*uLSZVeglCIR6gFk67y*L64XE8lyjJ71VhQ9Xn7cYahyyOgf5nK8gRCjA6BtYGfXYgHwAT6nI5UvnyCX37r*8XpXQ9DQt78FHUEpC2uO9AOg39mi!rHyjmYfuJsTrNwWumuxrpbrESoCeGUhOTfvzVc!yG9WoFbAn3W0SRmvwnsO8D!ev1WFkaFgUrQnupe0nbMT3rfX35TeyP!KGhrUCEeb2mm9RXEP0y4v!5t6aBcsutg5ysFRcZvhzo9jy9qAkZCP6f0PfZk7k2QMuJ1iu2w51d21h45WH!YEOHAJK9u5rShoz9FGQjdkIdgnx1mlHXqjA8HpJ8Z8KwBTXnLzRajoh3gtzkLUBv7UXo5zVwzrPOsKnMOpDedLJYMjCsVqHpwtrHFQ7bWScRE1XyCtzIrs3!lqqKv8MwoyfJsLlJny66kg!57r5G9HDFMVSG93uiCsoEGCcHCqnzBUaTdUU32*W8wkXmPqMSLUsygJPMUrmfP!NsTK1hNP3kuLOU!IfP07vyYDAufomQqnzE1XI4IgtZuZc$; MicrosoftApplicationsTelemetryDeviceId=249c523e-c99b-41a1-963c-cb1115b0cbd0; 
ai_session=Mc3/5GKzMULMs38HcksbUP|1743506796878|1743506796878; MSFPC=GUID=fbcccfa8d8374487b579da754f3aa8ee&HASH=fbcc&LV=202504&V=4&LU=1743506801456; MSPOK=$uuid-5e85ee6d-c02f-49fb-bd00-7b43719bd627$uuid-0e3ab224-45e8-41f3-bf9c-abeee5c91680
Source: global traffic HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET /r/r4.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: cdn.ampproject.org
Source: global traffic DNS traffic detected: DNS query: storage-googleapis-com.cdn.ampproject.org
Source: global traffic DNS traffic detected: DNS query: session-auth.5436245745.info
Source: global traffic DNS traffic detected: DNS query: 3474889.cfd
Source: global traffic DNS traffic detected: DNS query: acctcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: fpt.live.com
Source: unknownHTTP traffic detected: POST /GetExperimentAssignments.srf HTTP/1.1Host: 3474889.cfdConnection: keep-aliveContent-Length: 870correlationId: 7c48670771ec4a0195498fd364b479absec-ch-ua-platform: "Windows"hpgid: 37sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"hpgact: 0sec-ch-ua-mobile: ?0client-request-id: 7c48670771ec4a0195498fd364b479abUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/jsonContent-Type: application/json; charset=utf-8Origin: https://3474889.cfdSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://3474889.cfd/?pzu1ue0fb=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-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MSPRequ=id=N&lt=1743506793&co=1; uaid=7c48670771ec4a0195498fd364b479ab; MSPOK=$uuid-5e85ee6d-c02f-49fb-bd00-7b43719bd627; 
OParams=11O.DlMeEeSvIIp4Z48xfcF!KVpmIdE*XZ85q*Cxh*tH6vm6Ak707OaMVc7mm8AazVLvCGs!lt7k7DymYaWmBs6sASCOS4JpVLqmtrpU8Z7BhfF3AMBzNKepp8QX*Hk8SSlGbANjAtNiXdPWufIHxncu46LS5*cuJhbuezzqEn06*G4m443dTAAF4iP15w*qIgwZxg5pEFJTpH4qMG8xCyNz5bUChWLVgsyd1P2Y0oEXoo0yKPgWmeqd!NjOQufXmsAtKLhEz1cYDsBJ7EnrMazwkKTuOBIOmc*3ZaiPxq6l6RuejerTUoTfq!X!L2*uLSZVeglCIR6gFk67y*L64XE8lyjJ71VhQ9Xn7cYahyyOgf5nK8gRCjA6BtYGfXYgHwAT6nI5UvnyCX37r*8XpXQ9DQt78FHUEpC2uO9AOg39mi!rHyjmYfuJsTrNwWumuxrpbrESoCeGUhOTfvzVc!yG9WoFbAn3W0SRmvwnsO8D!ev1WFkaFgUrQnupe0nbMT3rfX35TeyP!KGhrUCEeb2mm9RXEP0y4v!5t6aBcsutg5ysFRcZvhzo9jy9qAkZCP6f0PfZk7k2QMuJ1iu2w51d21h45WH!YEOHAJK9u5rShoz9FGQjdkIdgnx1mlHXqjA8HpJ8Z8KwBTXnLzRajoh3gtzkLUBv7UXo5zVwzrPOsKnMOpDedLJYMjCsVqHpwtrHFQ7bWScRE1XyCtzIrs3!lqqKv8MwoyfJsLlJny66kg!57r5G9HDFMVSG93uiCsoEGCcHCqnzBUaTdUU32*W8wkXmPqMSLUs
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Tue, 01 Apr 2025 11:26:29 GMT
  Server: Apache/2.4.52 (Ubuntu)
  Content-Length: 291
  Connection: close
  Content-Type: text/html; charset=iso-8859-1
Source: chromecache_72.1.dr String found in binary or memory: https://3474889.cfd/?xbytndgh
Source: chromecache_80.1.dr String found in binary or memory: https://fpt.live.com/
Source: chromecache_71.1.dr String found in binary or memory: https://storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt
Source: chromecache_71.1.dr String found in binary or memory: https://storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Windows\SystemTemp\scoped_dir3520_1310667460
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File deleted: C:\Windows\SystemTemp\scoped_dir3520_1310667460
Source: classification engine; Classification label: mal52.phis.win@26/40@24/10
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,7632261494517681474,106541947582837358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2096 /prefetch:3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Window Recorder; Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior Graph ID: 1653607. URL: https://cdn.ampproject.org/... Startdate: 01/04/2025. Architecture: WINDOWS. Score: 52. Signatures: AI detected phishing page; AI detected suspicious Javascript. Processes: chrome.exe started, which started a child chrome.exe; a second chrome.exe started. DNS/IP nodes: 192.168.2.7 (443, 49306, 49473; unknown, unknown); 3474889.cfd 5.255.117.88 (443, 49704, 49705; LITESERVERNL, Netherlands); s-part-0012.t-0009.t-msedge.net 13.107.246.40 (443, 49713; MICROSOFT-CORP-MSN-AS-BLOCKUS, United States); 25 other IPs or domains.
Source | Detection | Scanner | Label | Link
https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2 | 0% | Avira URL Cloud | safe |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://3474889.cfd/__//eqpuwogtu/qcwvj2/x2.0/cwvjqtkbg?tgurqpug_varg=eqfg&ueqrg=Ugetgvu.TgcfYtkvg.EtgcvgfDaCrr.Ugewtg%20qhhnkpg_ceeguu&enkgpv_kf=229h4f61-07gd-454c-9453-f27ddc7ee95d&tgfktgev_wtk=jvvru%3C%2H%2Hnqikp.oketquqhvqpnkpg.eqo%2Heqooqp%2Hqcwvj2%2Hpcvkxgenkgpv&tgurqpug_oqfg=swgta&uvcvg=%7D%22kf%22%3C%22hkgfdhiengffndeoifkilifheiilekqp%22%7F | 0% | Avira URL Cloud | safe |
https://3474889.cfd/GetCredentialType.srf?opid=B9D4FAAB0E60CB96&id=294521&client_id=000000004C372D0D&client_id=229f4d61-07eb-454a-9453-d27bba7cc95b&mkt=EN-US&lc=1033&uaid=7c48670771ec4a0195498fd364b479ab | 0% | Avira URL Cloud | safe |
https://session-auth.5436245745.info/favicon.ico | 0% | Avira URL Cloud | safe |
https://3474889.cfd/?xbytndgh | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0010.t-0009.t-msedge.net | 13.107.246.38 | true | false | | high
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | | high
greenid-prod-pme.eastus2.cloudapp.azure.com | 52.167.30.171 | true | false | | high
e329293.dscd.akamaiedge.net | 23.209.72.31 | true | false | | high
s-part-0044.t-0009.t-msedge.net | 13.107.246.72 | true | false | | high
session-auth.5436245745.info | 5.255.106.15 | true | false | | unknown
www.google.com | 142.251.32.100 | true | false | | high
cdn-content.ampproject.org | 142.250.65.225 | true | false | | high
greenid-prod-pme.westus2.cloudapp.azure.com | 20.72.243.62 | true | false | | high
3474889.cfd | 5.255.117.88 | true | true | | unknown
storage-googleapis-com.cdn.ampproject.org | unknown | unknown | false | | high
cdn.ampproject.org | unknown | unknown | false | | high
logincdn.msftauth.net | unknown | unknown | false | | high
fpt.live.com | unknown | unknown | false | | high
acctcdn.msftauth.net | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://3474889.cfd/__//eqpuwogtu/qcwvj2/x2.0/cwvjqtkbg?tgurqpug_varg=eqfg&ueqrg=Ugetgvu.TgcfYtkvg.EtgcvgfDaCrr.Ugewtg%20qhhnkpg_ceeguu&enkgpv_kf=229h4f61-07gd-454c-9453-f27ddc7ee95d&tgfktgev_wtk=jvvru%3C%2H%2Hnqikp.oketquqhvqpnkpg.eqo%2Heqooqp%2Hqcwvj2%2Hpcvkxgenkgpv&tgurqpug_oqfg=swgta&uvcvg=%7D%22kf%22%3C%22hkgfdhiengffndeoifkilifheiilekqp%22%7F | false | Avira URL Cloud: safe | unknown
https://www.google.com/images/icons/product/cloud_storage-32.png | false | | high
https://3474889.cfd/?xbytndgh | false | Avira URL Cloud: safe | unknown
http://c.pki.goog/r/gsr1.crl | false | | high
http://c.pki.goog/r/r4.crl | false | | high
https://session-auth.5436245745.info/favicon.ico | false | Avira URL Cloud: safe | unknown
https://fpt.live.com/?session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI | false | | high
https://3474889.cfd/GetCredentialType.srf?opid=B9D4FAAB0E60CB96&id=294521&client_id=000000004C372D0D&client_id=229f4d61-07eb-454a-9453-d27bba7cc95b&mkt=EN-US&lc=1033&uaid=7c48670771ec4a0195498fd364b479ab | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://fpt.live.com/ | chromecache_80.1.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
142.251.35.161 | unknown | United States | 15169 | GOOGLEUS | false
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
5.255.117.88 | 3474889.cfd | Netherlands | 60404 | LITESERVERNL | true
20.72.243.62 | greenid-prod-pme.westus2.cloudapp.azure.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
5.255.106.15 | session-auth.5436245745.info | Netherlands | 60404 | LITESERVERNL | false
142.251.32.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.251.40.196 | unknown | United States | 15169 | GOOGLEUS | false
23.209.72.31 | e329293.dscd.akamaiedge.net | United States | 20940 | AKAMAI-ASN1EU | false
142.250.65.225 | cdn-content.ampproject.org | United States | 15169 | GOOGLEUS | false

IP
192.168.2.7

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1653607
Start date and time: 2025-04-01 13:25:24 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.phis.win@26/40@24/10
• Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe, TextInputHost.exe
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2
No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category: dropped
Size (bytes): 1435
Entropy (8bit): 7.8613342322590265
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
Category: dropped
Size (bytes): 621
Entropy (8bit): 7.673946009263606
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category: downloaded
Size (bytes): 17174
Entropy (8bit): 2.9129715116732746
Encrypted: false
Malicious: false
Reputation: low
URL: https://logincdn.msauth.net/16.000.30558.4/images/favicon.ico

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
Category: downloaded
Size (bytes): 621
Entropy (8bit): 7.673946009263606
Encrypted: false
Malicious: false
Reputation: low
URL: https://logincdn.msauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 16
Entropy (8bit): 3.875
Encrypted: false
Malicious: false
Reputation: low
URL: https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCa7kqsRnh84cEgUN0VtRUiERQmAkDIihEw==?alt=proto
Preview: CgkKBw3RW1FSGgA=
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 44327
                                          Category:downloaded
                                          Size (bytes):6213
                                          Entropy (8bit):7.966605070784871
                                          Encrypted:false
                                          SSDEEP:96:6XZqMaoZgs0RHBR7XHJOfepmm5qjoxfSzdqmSSSOKVlJI05qszE8YjS10+b6o:yaoZQHBRzJOfahzFS51SuUJI05A/g5
                                          MD5:14A1E96B2D571F92C96D8979EEBFC80E
                                          SHA1:ACDF9EACF069BF51C86112667ED3C41BE394A2DC
                                          SHA-256:D721FF1CCC3BC31816AE80D4975E8D3AC3C2BDA5B679EF72B4233C15FA908A89
                                          SHA-512:6A2745688BA237F4459E89F85555CA2C9491F624F1428433C398FFD266D70429D73726ED043150B842346DED0686FCEBF3B5ABA62A4141F02C819F0A3D16116E
                                          Malicious:false
                                          Reputation:low
                                          URL:https://logincdn.msauth.net/shared/5/images/3_57fee22710b04cebe1d5.svg
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):6
                                          Entropy (8bit):2.584962500721156
                                          Encrypted:false
                                          SSDEEP:3:fCu:au
                                          MD5:AAAB7A355103063D9EEB4824A3A6B374
                                          SHA1:E51555F02C32321F3E48F07A0FA5AF46DF835BFC
                                          SHA-256:79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
                                          SHA-512:D1A0C9C4F628459F5CA904405B2A66A69425A50E8DCE1BAA43161D784EB219BD3E1FD9447BCBACC314652EDA08CF0B02C863C87F3AC1534AE0F62A414C191F1B
                                          Malicious:false
                                          Reputation:low
                                          Preview:dfp:OK
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 997188
                                          Category:downloaded
                                          Size (bytes):252091
                                          Entropy (8bit):7.998731130660578
                                          Encrypted:true
                                          SSDEEP:3072:KL7JBYtVAWzhz1AwR4ki/a1JZw/99B1U853bPyfDt2ZJAuwHqJ71Ky3f99tgagbK:0gZzhbs/SJCHUCbysYJHq7Ku9bTgx9y
                                          MD5:EC98D6753D491C5B3E6B5B038C061ACD
                                          SHA1:F2D1B1BA3F447B58A549AC1AC9B75CC5A59C2C3E
                                          SHA-256:5479F45AF491321104311A0254E84B84400BD1E467AECED90A713E63CB9848FC
                                          SHA-512:B6F201017A32CE3D255A8EE84F7ED676CF7CB21FDE4AC5850CDF8FFF01A941C45A991CFB3DE8D28AD1D67EA5C5239ACCC3F1DD107194CA2578DC6C61BC6A4AD0
                                          Malicious:false
                                          Reputation:low
                                          URL:https://logincdn.msauth.net/shared/5/js/login_en_iVxtJ3li0D22qYX0GRP0Bw2.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):72
                                          Entropy (8bit):4.241202481433726
                                          Encrypted:false
                                          SSDEEP:3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
                                          MD5:9E576E34B18E986347909C29AE6A82C6
                                          SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                          SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                          SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (592), with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):2898
                                          Entropy (8bit):5.19497964232457
                                          Encrypted:false
                                          SSDEEP:48:tV9mfe+8XxT1uCpYaUYVHpvu8js8/gzHG2WPcwbkFMCLkuHWk:PnLpuCB1BN5n/CLHx
                                          MD5:A59A7B71C1DE1C69C31402A8125343C0
                                          SHA1:01EDFA465AE0170EE249F461ACAA1314E0EF6B0D
                                          SHA-256:6B2DC39C65DA71DF4FC7F85B192EADA121008D6BF6ABAEEE21557852C925AD47
                                          SHA-512:0DA1549C3D4B84AAD798460ECDA752A22360496876A8BC2956EA19252296CB5764C4F2E67F68C7F552E8F2089496976E3460DD348543767BDB7413A9EF608E94
                                          Malicious:false
                                          Reputation:low
                                          URL:https://storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2
                                          Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <style>.. body {.. display: flex;.. justify-content: center;.. align-items: center;.. height: 100vh;.. margin: 0;.. background-color: #f0f0f0;.. flex-direction: column;.. }.... .loader {.. border: 16px solid #f3f3f3;.. border-radius: 50%;.. border-top: 16px solid #32CD32; .. width: 120px;.. height: 120px;.. animation: spin 2s linear infinite;.. }.... @keyframes spin {.. 0% { transform: rotate(0deg); }.. 100% { transform: rotate(360deg); }.. }.... iframe {.. display: none; .. width: 100vw; .. height: 100vh; .. border: none; .. }.... <div style="display:none">..
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                          Category:dropped
                                          Size (bytes):17174
                                          Entropy (8bit):2.9129715116732746
                                          Encrypted:false
                                          SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                          MD5:12E3DAC858061D088023B2BD48E2FA96
                                          SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                          SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                          SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text
                                          Category:downloaded
                                          Size (bytes):291
                                          Entropy (8bit):5.258625019674449
                                          Encrypted:false
                                          SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRCwPzaiiyjm8oD:J0+oxBeRmR9etdzRxGezHtPziB8+
                                          MD5:FE7E7996B622BFF611B153681486B6FB
                                          SHA1:E25BC51BA86A87BA3118F1743974C037969BBE29
                                          SHA-256:BF5BB24D5F493125EC37A66E50A5209A2CAAF0C128726705C02432D9A96E32DD
                                          SHA-512:304B9D68A9A47633D72772CFFE6298024F9CC43F93C2DE293CAF321E51401E288E0619C257D2B6AD97F435744ED210C5F2938394AFB913E75BC08E4357AE53CC
                                          Malicious:false
                                          Reputation:low
                                          URL:https://session-auth.5436245745.info/favicon.ico
                                          Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.52 (Ubuntu) Server at session-auth.5436245745.info Port 443</address>.</body></html>.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 44327
                                          Category:dropped
                                          Size (bytes):6213
                                          Entropy (8bit):7.966605070784871
                                          Encrypted:false
                                          SSDEEP:96:6XZqMaoZgs0RHBR7XHJOfepmm5qjoxfSzdqmSSSOKVlJI05qszE8YjS10+b6o:yaoZQHBRzJOfahzFS51SuUJI05A/g5
                                          MD5:14A1E96B2D571F92C96D8979EEBFC80E
                                          SHA1:ACDF9EACF069BF51C86112667ED3C41BE394A2DC
                                          SHA-256:D721FF1CCC3BC31816AE80D4975E8D3AC3C2BDA5B679EF72B4233C15FA908A89
                                          SHA-512:6A2745688BA237F4459E89F85555CA2C9491F624F1428433C398FFD266D70429D73726ED043150B842346DED0686FCEBF3B5ABA62A4141F02C819F0A3D16116E
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with CRLF, LF line terminators
                                          Category:downloaded
                                          Size (bytes):638
                                          Entropy (8bit):5.6046499205520695
                                          Encrypted:false
                                          SSDEEP:12:4krY1trWPqUCjMLZC1J/33kPXVOrXVOHmrSXVOGYMLZC1J/3AXVOGXVOH5VKnXVw:zs1TUCjMM193U/VObVOHmrWVOGYMM191
                                          MD5:375F283F74F36C0B5DCBC5D08E896F50
                                          SHA1:E887C856BF46C07D02ABEA8E1A2C2C5F2FCC2C1F
                                          SHA-256:089A0864E61101CE59302508E7E5D4479C48431991C865B86AF90AFD96BAFB2A
                                          SHA-512:8FC9C7E513D63E88F50A9EB7C8C6F92C9ED3E9A866EAEE163D4B275132AB2D5F097667DD840FA6ECAC3E95C492A7DAFDC70AA387907335EFD99F74CF79956A66
                                          Malicious:false
                                          Reputation:low
                                          URL:https://storage-googleapis-com.cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2
                                          Preview:<HTML><HEAD>.<meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>Redirecting</TITLE>.<META HTTP-EQUIV="refresh" content="0; url=https://storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&amp;target=293241770520623800_1&amp;utm_rid=293241770520623800_2">.</HEAD>.<BODY onLoad="location.replace('https://storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt\x3dt_s_jan_293241770520623800_stage\x26target\x3d293241770520623800_1\x26utm_rid\x3d293241770520623800_2'+document.location.hash)">.</BODY></HTML>..
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text
                                          Category:downloaded
                                          Size (bytes):939
                                          Entropy (8bit):4.392567816892699
                                          Encrypted:false
                                          SSDEEP:24:7YMM9ApAWFtsY1JCsfiRR4yHjWZg6yB4Nk:2eHtZJdi3jWZ9yuNk
                                          MD5:698975CFD62D86E3CE8E15CF7EE477EF
                                          SHA1:FBC43F2FD8008C518CE3C2F7A840A4BBEE1048A0
                                          SHA-256:5283CA1C95001295886F8B31B5FBD2B395B338A06DCF89FC53F537D0C5F5F676
                                          SHA-512:C684D118457FCE24A2A1D16AD68BEA3B72EB40EFE3F3BF08255C69C482209AFA3B9CD037E2DF8987D5C49C90BC772D09D6BF97D0A5B9EC3E25933FC458E89235
                                          Malicious:false
                                          Reputation:low
                                          URL:https://session-auth.5436245745.info/dashboard/?app=c3RlZmZlbi5ldWxpdHpAbmlwcG9uZ2FzZXMuY29t&utm_id=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU=&ut_adi_h1j6TQ=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU=
                                          Preview:. ..<!DOCTYPE html>.<html>.<head>. <meta charset="UTF-8">. . <meta http-equiv="refresh" content="2;url=https://3474889.cfd/?xbytndgh">. <style>. body {. font-family: Arial, sans-serif;. text-align: center;. margin-top: 100px;. }. .countdown {. font-size: 24px;. margin: 20px 0;. }. .message {. font-size: 18px;. }. </style>. <script>. // JavaScript timer to display a countdown. var seconds = 1;. function countdown() {. document.getElementById('timer').innerHTML = seconds;. if (seconds <= 0) {. window.location.href = "https://3474889.cfd/?xbytndgh";. } else {. seconds--;. setTimeout(countdown, 1000);. }. }. window.onload = countdown;. </script>.</head>.<body>. . . .</body>.</html>
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):850
                                          Entropy (8bit):7.680885612757513
                                          Encrypted:false
                                          SSDEEP:24:+l1KvB8VpaJI+e8HC2+6kIfDy1WjVf4MrQ1:+p0JI+e2C2tFpjVf4M+
                                          MD5:352549ECE32E8183CB6792D5B1E7450B
                                          SHA1:6C6EA952EC11C2026E828F0118BB9A58E35CCFBF
                                          SHA-256:24283ABECAB24B0A7F50518EF5E9C684B1ABD4FDBB31C6D0E1CA63A236A34D1C
                                          SHA-512:5CC8C80095B2928EEAEAA987FEE7769FC344A913F89D4505F38687D87916351DABEA19883550FFE4B95B2E2802FEE7297A9927C845F78DD5AA963BFF06AE7EED
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678
                                          Category:downloaded
                                          Size (bytes):32811
                                          Entropy (8bit):7.993115726308211
                                          Encrypted:true
                                          SSDEEP:768:Tu4jwkrxI2adXpo9SSwpmUPieDFpfy2Ky4lS4ru4r0r:300CfRpFpmAieDFpfBbWbru4r0r
                                          MD5:BCD68C8A4F1BB13B272E02FDA0EB5460
                                          SHA1:57C81EE13D027556D54744C9246226E1E85C211C
                                          SHA-256:25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
                                          SHA-512:0D70D7476653949F79CC67897F9F36E6B2F503E5C308C59D0C349B841BC2A27CD6408ACB272568CCA6B593AF5060F93FADD217D1677DE0E897608BA3BBFB0493
                                          Malicious:false
                                          Reputation:low
                                          URL:https://logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):72
                                          Entropy (8bit):4.241202481433726
                                          Encrypted:false
                                          SSDEEP:3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
                                          MD5:9E576E34B18E986347909C29AE6A82C6
                                          SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                          SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                          SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (2156), with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):2284
                                          Entropy (8bit):5.736501959890029
                                          Encrypted:false
                                          SSDEEP:48:t1X4w+kOpGgkuGq9juwbae13NhcKBLd4VSOytSg6r0NjyPMGn84zrIQoNfK:H6cFuV96wDrHBZ4qooEMGnjvnP
                                          MD5:7AD5681C17BF1F957440D144AE0F6FC3
                                          SHA1:D20C93491E947BEF3B8089530ABE6E9D05964F02
                                          SHA-256:F14A7BCBF681FCECDDC2F03EB44791E98FEC2314160C204479FA78AD885A17CD
                                          SHA-512:CCD135D8A6D28C6AC57133B2CCE7ABF363B439B42E64D89930AF6244AFE90939BED4E9319D0F27B03A2D9B8597C95896E050631DD75722AEBEA8220F1405F0C0
                                          Malicious:false
                                          Reputation:low
                                          URL:https://df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=7c48670771ec4a0195498fd364b479ab&id=f978cb99-bf09-d437-bcb7-2bbf4e5d1c3f&w=8DD711011802484&tkt=taBcrIH61PuCVH7eNCyH0Iitb%252bEMfwlgK%252fM8w%252f28EbfGPmY0ttgyKs3tFFnStJsqv5iEblhq%252fLd6XCbqsWQhiKGNMcErI6Acq9cr%252fiys%252bd8MtjSTt0EPDWrfHf3PokvIY4Xr3%252ftK422Xpa%252b3TlLIl7TBMhPd28q0e5CnuFW1zj2vxGoHkgasOtUi0pCDG5dPzL7New5OItMzdCjH43RaUfdO%252fMGE0ZaxDAaOrjRQlFiVXfTY%252bQlKZRvl3EtBSGgfrxM2YG%252bu%252fAMXV9ezwHIiGl%252fIKG71V%252fwoiqKSnnYhRyg%253d&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d
                                          Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <title></title>..</head>..<body>.. <script>function BaseStamp() { this.GetStorageQsInfo = function () { if (window.localStorage) { var n = window.localStorage.getItem(lsKey); if(n&&n!=null&&n!="")return n==id&&(n=""),"session_id=" + sid + "&CustomerId=" + cid + "&fid=" + id + "&ofid=" + n + "&w=" + ticks + "&auth=" + encodeURIComponent(authKey);window.localStorage.setItem(lsKey,id);n=id}return""}; this.newXMLHttp = function () { var n = null; return window.XMLHttpRequest ? n = new XMLHttpRequest : window.ActiveXObject && (n = new ActiveXObject("Msxml2.XMLHTTP")), n }; this.delayedSend = function (n) { var i, t, r; try { i = this.newXMLHttp(); i.open("GET", n, !0); i.send() } catch (u) { t = document.createElement("script"); t.id = "DelayedSendLS"; t.defer = !0; t.onload = function () { return !0 }; t.setAttribute("src", n); r = document.createElement("div"); r.id = "DelayedSendLSDiv"; document.body.appendChild
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                          Category:downloaded
                                          Size (bytes):850
                                          Entropy (8bit):7.680885612757513
                                          Encrypted:false
                                          SSDEEP:24:+l1KvB8VpaJI+e8HC2+6kIfDy1WjVf4MrQ1:+p0JI+e2C2tFpjVf4M+
                                          MD5:352549ECE32E8183CB6792D5B1E7450B
                                          SHA1:6C6EA952EC11C2026E828F0118BB9A58E35CCFBF
                                          SHA-256:24283ABECAB24B0A7F50518EF5E9C684B1ABD4FDBB31C6D0E1CA63A236A34D1C
                                          SHA-512:5CC8C80095B2928EEAEAA987FEE7769FC344A913F89D4505F38687D87916351DABEA19883550FFE4B95B2E2802FEE7297A9927C845F78DD5AA963BFF06AE7EED
                                          Malicious:false
                                          Reputation:low
                                          URL:https://www.google.com/images/icons/product/cloud_storage-32.png
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                          Category:downloaded
                                          Size (bytes):1435
                                          Entropy (8bit):7.8613342322590265
                                          Encrypted:false
                                          SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                                          MD5:9F368BC4580FED907775F31C6B26D6CF
                                          SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                          SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                          SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                          Malicious:false
                                          Reputation:low
                                          URL:https://logincdn.msauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 58521
                                          Category:downloaded
                                          Size (bytes):15163
                                          Entropy (8bit):7.985681384720909
                                          Encrypted:false
                                          SSDEEP:384:WbsVePxvE3cAD7V8ao3+1XnpcWY4tCO5ANutm31LPYy:Ite3ckp873+1XnpcEYO2Mtw1LPYy
                                          MD5:FCA43E0A7FF6A13BDA50ABC0F0447B82
                                          SHA1:190704C7E2B265F164B8FDB5EFD8CF900D0CFDD1
                                          SHA-256:64ED1FAF7B4D6AB36FD093DA44065B4DA9656ED6802FE3902D9B85BEBC7BD2E6
                                          SHA-512:C3C61239173877A942C62F6DC11C2007CD7691F32EFA3193E4980C36147ED8179ED4C789D4B74E7131162D7B5161750D6A03E948E74998E980272BCCFF67D400
                                          Malicious:false
                                          Reputation:low
                                          URL:https://logincdn.msauth.net/shared/5/chunks/gamepad-navigation_443837d04fb6e3f7553c.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (23188), with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):23652
                                          Entropy (8bit):5.763638775977824
                                          Encrypted:false
                                          SSDEEP:384:HxUbHIEsQdsQvZxyF1Aw8B7Nv0edjuDNaFTLLb2M/zvyMEZWpV:R+H9yF1IBBdq5yF/2dW
                                          MD5:DF48742F8CFF17AC94D91074ADFD0340
                                          SHA1:063C0AE4BC6435017EA7198B901F4283A8A9F9F0
                                          SHA-256:CAE7E0CDC9674ADD2BACC0C8429BB14AE442DBEE9245D726E9E61A0D879A9592
                                          SHA-512:80036C85D7609DD2A3181F2ADE4AC7FCC193B090DC08C277F5D4CC84EDC69C6DEE9F997D5080066E83693733AC1CB568A43A6FCFC3AFF0D194209B1DA80F3649
                                          Malicious:false
                                          Reputation:low
                                          URL:https://fpt.live.com/?session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
                                          Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <title></title>.. <script>var localTarget='https://fpt.live.com/',target='https://df.cfp.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&',txnId='7c48670771ec4a0195498fd364b479ab',ticks='8DD711011802484',rid='f978cb99-bf09-d437-bcb7-2bbf4e5d1c3f',authKey='taBcrIH61PuCVH7eNCyH0Iitb%252bEMfwlgK%252fM8w%252f28EbfGPmY0ttgyKs3tFFnStJsqv5iEblhq%252fLd6XCbqsWQhiKGNMcErI6Acq9cr%252fiys%252bd8MtjSTt0EPDWrfHf3PokvIY4Xr3%252ftK422Xpa%252b3TlLIl7TBMhPd28q0e5CnuFW1zj2vxGoHkgasOtUi0pCDG5dPzL7New5OItMzdCjH43RaUfdO%252fMGE0ZaxDAaOrjRQlFiVXfTY%252bQlKZRvl3EtBSGgfrxM2YG%252bu%252fAMXV9ezwHIiGl%252fIKG71V%252fwoiqKSnnYhRyg%253d',cid='33e01921-4d64-4f8c-a055-5bdaffd5e33d',assessment='',waitresponse=true,bbwait=false,commonquery='&PageId=SI',lsInfo=true,splitFonts=false,noFonts=false,UCH=true,PTO=100,rticks=1743506798350,ipv6Url='',txnKey='session_id',ridKey='id',lskey='MUID';(function(){function w(){var i=0,n;return t&&t.length&&(i=t
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:downloaded
                                          Size (bytes):6
                                          Entropy (8bit):2.584962500721156
                                          Encrypted:false
                                          SSDEEP:3:fCu:au
                                          MD5:AAAB7A355103063D9EEB4824A3A6B374
                                          SHA1:E51555F02C32321F3E48F07A0FA5AF46DF835BFC
                                          SHA-256:79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
                                          SHA-512:D1A0C9C4F628459F5CA904405B2A66A69425A50E8DCE1BAA43161D784EB219BD3E1FD9447BCBACC314652EDA08CF0B02C863C87F3AC1534AE0F62A414C191F1B
                                          Malicious:false
                                          Reputation:low
                                          URL:https://fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=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&eci=eyJ1dmRyIjoiR29vZ2xlIEluYy4gKEdvb2dsZSkiLCJ1cmRyIjoiQU5HTEUgKEdvb2dsZSwgVnVsa2FuIDEuMy4wIChTd2lmdFNoYWRlciBEZXZpY2UgKFN1Ynplcm8pICgweDAwMDBDMERFKSksIFN3aWZ0U2hhZGVyIGRyaXZlcikiLCJ2ZHIiOiJXZWJLaXQiLCJyZHIiOiJXZWJLaXQgV2ViR0wiLCJpZHVoIjoiOTA0ZGQ5YjYyOTk4ZTc0ZjBhNGQxYzhmM2U1MjM3ZDUifQ==&PageId=SI&u1=&u3=10.0.0&u4=x86&u5=64&u2=(Chromium%2C134.0.6998.36)%2C(Not%3AA-Brand%2C24.0.0.0)%2C(Google%20Chrome%2C134.0.6998.36)
                                          Preview:dfp:OK
                                          No static file info

                                          • Total Packets: 232
                                          • 443 (HTTPS)
                                          • 80 (HTTP)
                                          • 53 (DNS)
                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Apr 1, 2025 13:26:34.330909014 CEST4434971313.107.246.40192.168.2.7
                                          Apr 1, 2025 13:26:34.374739885 CEST49713443192.168.2.713.107.246.40
                                          Apr 1, 2025 13:26:37.043972969 CEST49715443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:37.044024944 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:37.044094086 CEST49715443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:37.044426918 CEST49715443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:37.044444084 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:37.384385109 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:37.384773970 CEST49715443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:37.384809017 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:37.385040998 CEST49715443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:37.385055065 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:37.385062933 CEST49715443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:37.385073900 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:37.613290071 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:37.613347054 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:37.613775969 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:37.613775969 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:37.613816977 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:37.837100983 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:37.837172985 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:37.839271069 CEST49715443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:37.991583109 CEST49715443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:37.991612911 CEST443497155.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:38.116487026 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.116554976 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:38.117841959 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:38.117850065 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.118191957 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.118504047 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:38.160280943 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.438781977 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.438808918 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.438895941 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:38.438913107 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.438961983 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:38.471597910 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:38.471635103 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:38.471709967 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:38.472160101 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:38.472170115 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:38.603538036 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.603611946 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:38.765664101 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.765752077 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:38.811502934 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:38.811593056 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:38.812211037 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:38.812217951 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:38.812428951 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:38.813138008 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:38.813167095 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:38.928100109 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:38.928227901 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:39.091694117 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:39.091819048 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:39.222620010 CEST4434971313.107.246.40192.168.2.7
                                          Apr 1, 2025 13:26:39.222691059 CEST4434971313.107.246.40192.168.2.7
                                          Apr 1, 2025 13:26:39.222817898 CEST49713443192.168.2.713.107.246.40
                                          Apr 1, 2025 13:26:39.251214981 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:39.251290083 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:39.252055883 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:39.252077103 CEST443497245.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:39.252094030 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:39.252130032 CEST49724443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:39.255932093 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:39.256000996 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:39.271759033 CEST49713443192.168.2.713.107.246.40
                                          Apr 1, 2025 13:26:39.271775961 CEST4434971313.107.246.40192.168.2.7
                                          Apr 1, 2025 13:26:39.459602118 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:39.459692955 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:39.459748030 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:39.507674932 CEST49719443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:39.507705927 CEST4434971920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:41.303908110 CEST49729443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:41.303953886 CEST4434972920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:41.304025888 CEST49729443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:41.304972887 CEST49729443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:41.304989100 CEST4434972920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:41.869365931 CEST4434972920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:41.869848967 CEST49729443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:41.869865894 CEST4434972920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:41.870098114 CEST49729443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:41.870110035 CEST4434972920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:42.209614038 CEST4434972920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:42.209729910 CEST4434972920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:42.209949017 CEST49729443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:42.211987019 CEST49729443192.168.2.720.72.243.62
                                          Apr 1, 2025 13:26:42.212022066 CEST4434972920.72.243.62192.168.2.7
                                          Apr 1, 2025 13:26:48.636293888 CEST49671443192.168.2.7204.79.197.203
                                          Apr 1, 2025 13:26:48.948472977 CEST49671443192.168.2.7204.79.197.203
                                          Apr 1, 2025 13:26:49.561974049 CEST49671443192.168.2.7204.79.197.203
                                          Apr 1, 2025 13:26:50.776561975 CEST49671443192.168.2.7204.79.197.203
                                          Apr 1, 2025 13:26:53.183988094 CEST49671443192.168.2.7204.79.197.203
                                          Apr 1, 2025 13:26:53.313342094 CEST4434971223.209.72.31192.168.2.7
                                          Apr 1, 2025 13:26:53.313426018 CEST4434971223.209.72.31192.168.2.7
                                          Apr 1, 2025 13:26:53.313491106 CEST49712443192.168.2.723.209.72.31
                                          Apr 1, 2025 13:26:54.076440096 CEST49712443192.168.2.723.209.72.31
                                          Apr 1, 2025 13:26:54.076488972 CEST4434971223.209.72.31192.168.2.7
                                          Apr 1, 2025 13:26:57.203545094 CEST49678443192.168.2.720.189.173.15
                                          Apr 1, 2025 13:26:57.506140947 CEST49678443192.168.2.720.189.173.15
                                          Apr 1, 2025 13:26:57.996625900 CEST49671443192.168.2.7204.79.197.203
                                          Apr 1, 2025 13:26:58.118484020 CEST49678443192.168.2.720.189.173.15
                                          Apr 1, 2025 13:26:58.580496073 CEST49744443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:58.580549002 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:58.580661058 CEST49744443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:58.583591938 CEST49744443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:58.583626986 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:58.924510002 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:58.924840927 CEST49744443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:58.924921989 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:58.925153017 CEST49744443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:58.925189018 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:58.925211906 CEST49744443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:58.925221920 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:59.324104071 CEST49678443192.168.2.720.189.173.15
                                          Apr 1, 2025 13:26:59.392751932 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:59.392925978 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:59.393063068 CEST49744443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:59.394174099 CEST49744443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:59.394211054 CEST443497445.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:59.446070910 CEST49745443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:59.446122885 CEST443497455.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:59.446264982 CEST49745443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:59.446491957 CEST49745443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:59.446511030 CEST443497455.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:59.784305096 CEST443497455.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:59.784708023 CEST49745443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:59.784720898 CEST443497455.255.117.88192.168.2.7
                                          Apr 1, 2025 13:26:59.784939051 CEST49745443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:26:59.784945011 CEST443497455.255.117.88192.168.2.7
                                          Apr 1, 2025 13:27:00.259239912 CEST443497455.255.117.88192.168.2.7
                                          Apr 1, 2025 13:27:00.259426117 CEST443497455.255.117.88192.168.2.7
                                          Apr 1, 2025 13:27:00.259615898 CEST49745443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:27:00.260221004 CEST49745443192.168.2.75.255.117.88
                                          Apr 1, 2025 13:27:00.260262012 CEST443497455.255.117.88192.168.2.7
                                          Apr 1, 2025 13:27:01.729492903 CEST49678443192.168.2.720.189.173.15
                                          Apr 1, 2025 13:27:06.541635990 CEST49678443192.168.2.720.189.173.15
                                          Apr 1, 2025 13:27:07.605468035 CEST49671443192.168.2.7204.79.197.203
                                          Apr 1, 2025 13:27:08.370486975 CEST49690443192.168.2.7142.250.65.225
                                          Apr 1, 2025 13:27:08.370532036 CEST44349690142.250.65.225192.168.2.7
                                          Apr 1, 2025 13:27:16.151850939 CEST49678443192.168.2.720.189.173.15
                                          Apr 1, 2025 13:27:21.856467962 CEST49754443192.168.2.7142.251.32.100
                                          Apr 1, 2025 13:27:21.856498003 CEST44349754142.251.32.100192.168.2.7
                                          Apr 1, 2025 13:27:21.856599092 CEST49754443192.168.2.7142.251.32.100
                                          Apr 1, 2025 13:27:21.857012033 CEST49754443192.168.2.7142.251.32.100
                                          Apr 1, 2025 13:27:21.857022047 CEST44349754142.251.32.100192.168.2.7
                                          Apr 1, 2025 13:27:22.054744959 CEST44349754142.251.32.100192.168.2.7
                                          Apr 1, 2025 13:27:22.055140018 CEST49754443192.168.2.7142.251.32.100
                                          Apr 1, 2025 13:27:22.055162907 CEST44349754142.251.32.100192.168.2.7
                                          Apr 1, 2025 13:27:24.091937065 CEST49690443192.168.2.7142.250.65.225
                                          Apr 1, 2025 13:27:24.092308998 CEST44349690142.250.65.225192.168.2.7
                                          Apr 1, 2025 13:27:24.092405081 CEST49690443192.168.2.7142.250.65.225
                                          Apr 1, 2025 13:27:32.080935955 CEST44349754142.251.32.100192.168.2.7
                                          Apr 1, 2025 13:27:32.081090927 CEST44349754142.251.32.100192.168.2.7
                                          Apr 1, 2025 13:27:32.081156969 CEST49754443192.168.2.7142.251.32.100
                                          Apr 1, 2025 13:27:33.495426893 CEST4970880192.168.2.7142.250.72.99
                                          Apr 1, 2025 13:27:33.585376978 CEST8049708142.250.72.99192.168.2.7
                                          Apr 1, 2025 13:27:33.585500002 CEST4970880192.168.2.7142.250.72.99
                                          Apr 1, 2025 13:27:34.075686932 CEST49754443192.168.2.7142.251.32.100
                                          Apr 1, 2025 13:27:34.075716972 CEST44349754142.251.32.100192.168.2.7
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 1, 2025 13:26:21.793328047 CEST | 192.168.2.7 | 1.1.1.1 | 0xd406 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:21.793483973 CEST | 192.168.2.7 | 1.1.1.1 | 0x99d6 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.051021099 CEST | 192.168.2.7 | 1.1.1.1 | 0x81c6 | Standard query (0) | cdn.ampproject.org | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.051372051 CEST | 192.168.2.7 | 1.1.1.1 | 0x4cae | Standard query (0) | cdn.ampproject.org | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.549870968 CEST | 192.168.2.7 | 1.1.1.1 | 0x8cf3 | Standard query (0) | storage-googleapis-com.cdn.ampproject.org | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.550242901 CEST | 192.168.2.7 | 1.1.1.1 | 0x744f | Standard query (0) | storage-googleapis-com.cdn.ampproject.org | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:25.179792881 CEST | 192.168.2.7 | 1.1.1.1 | 0x237e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:25.180140972 CEST | 192.168.2.7 | 1.1.1.1 | 0x558e | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:25.786026955 CEST | 192.168.2.7 | 1.1.1.1 | 0x4130 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:25.786187887 CEST | 192.168.2.7 | 1.1.1.1 | 0x56fc | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:28.726357937 CEST | 192.168.2.7 | 1.1.1.1 | 0xf655 | Standard query (0) | session-auth.5436245745.info | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:28.726408958 CEST | 192.168.2.7 | 1.1.1.1 | 0xb727 | Standard query (0) | session-auth.5436245745.info | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:31.694478989 CEST | 192.168.2.7 | 1.1.1.1 | 0x6e11 | Standard query (0) | 3474889.cfd | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:31.694853067 CEST | 192.168.2.7 | 1.1.1.1 | 0xc09e | Standard query (0) | 3474889.cfd | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:33.935856104 CEST | 192.168.2.7 | 1.1.1.1 | 0x14bd | Standard query (0) | acctcdn.msftauth.net | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:33.936084986 CEST | 192.168.2.7 | 1.1.1.1 | 0xe751 | Standard query (0) | acctcdn.msftauth.net | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:34.036849022 CEST | 192.168.2.7 | 1.1.1.1 | 0xfce8 | Standard query (0) | logincdn.msftauth.net | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:34.036978960 CEST | 192.168.2.7 | 1.1.1.1 | 0x1321 | Standard query (0) | logincdn.msftauth.net | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:37.472420931 CEST | 192.168.2.7 | 1.1.1.1 | 0x858e | Standard query (0) | fpt.live.com | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:37.472793102 CEST | 192.168.2.7 | 1.1.1.1 | 0xb691 | Standard query (0) | fpt.live.com | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:38.185134888 CEST | 192.168.2.7 | 1.1.1.1 | 0x44a7 | Standard query (0) | 3474889.cfd | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:38.185412884 CEST | 192.168.2.7 | 1.1.1.1 | 0xf75d | Standard query (0) | 3474889.cfd | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:42.240443945 CEST | 192.168.2.7 | 1.1.1.1 | 0xd3c | Standard query (0) | fpt.live.com | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:42.240607977 CEST | 192.168.2.7 | 1.1.1.1 | 0x794c | Standard query (0) | fpt.live.com | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 1, 2025 13:26:21.891239882 CEST | 1.1.1.1 | 192.168.2.7 | 0xd406 | No error (0) | www.google.com | | 142.251.32.100 | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:21.891463995 CEST | 1.1.1.1 | 192.168.2.7 | 0x99d6 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.149244070 CEST | 1.1.1.1 | 192.168.2.7 | 0x81c6 | No error (0) | cdn.ampproject.org | cdn-content.ampproject.org | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.149244070 CEST | 1.1.1.1 | 192.168.2.7 | 0x81c6 | No error (0) | cdn-content.ampproject.org | | 142.250.65.225 | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.150630951 CEST | 1.1.1.1 | 192.168.2.7 | 0x4cae | No error (0) | cdn.ampproject.org | cdn-content.ampproject.org | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.664901972 CEST | 1.1.1.1 | 192.168.2.7 | 0x8cf3 | No error (0) | storage-googleapis-com.cdn.ampproject.org | cdn-content.ampproject.org | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.664901972 CEST | 1.1.1.1 | 192.168.2.7 | 0x8cf3 | No error (0) | cdn-content.ampproject.org | | 142.251.35.161 | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:23.665556908 CEST | 1.1.1.1 | 192.168.2.7 | 0x744f | No error (0) | storage-googleapis-com.cdn.ampproject.org | cdn-content.ampproject.org | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:25.277411938 CEST | 1.1.1.1 | 192.168.2.7 | 0x237e | No error (0) | www.google.com | | 142.251.40.196 | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:25.277435064 CEST | 1.1.1.1 | 192.168.2.7 | 0x558e | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:25.884223938 CEST | 1.1.1.1 | 192.168.2.7 | 0x56fc | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Apr 1, 2025 13:26:25.884443045 CEST | 1.1.1.1 | 192.168.2.7 | 0x4130 | No error (0) | www.google.com | | 142.251.32.100 | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:28.935590029 CEST | 1.1.1.1 | 192.168.2.7 | 0xf655 | No error (0) | session-auth.5436245745.info | | 5.255.106.15 | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:31.814847946 CEST | 1.1.1.1 | 192.168.2.7 | 0x6e11 | No error (0) | 3474889.cfd | | 5.255.117.88 | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:33.987304926 CEST | 1.1.1.1 | 192.168.2.7 | 0xfd58 | No error (0) | shed.dual-low.s-part-0010.t-0009.t-msedge.net | s-part-0010.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:33.987304926 CEST | 1.1.1.1 | 192.168.2.7 | 0xfd58 | No error (0) | s-part-0010.t-0009.t-msedge.net | | 13.107.246.38 | A (IP address) | IN (0x0001) | false |
| Apr 1, 2025 13:26:34.034147978 CEST | 1.1.1.1 | 192.168.2.7 | 0xe751 | No error (0) | acctcdn.msftauth.net | www.tm.acctcdn.msftauth.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:34.034147978 CEST | 1.1.1.1 | 192.168.2.7 | 0xe751 | No error (0) | www.tm.acctcdn.msftauth.trafficmanager.net | acctcdn.msftauth.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:34.034147978 CEST | 1.1.1.1 | 192.168.2.7 | 0xe751 | No error (0) | acctcdn.msftauth.edgekey.net | e329293.dscd.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:34.034215927 CEST | 1.1.1.1 | 192.168.2.7 | 0x14bd | No error (0) | acctcdn.msftauth.net | www.tm.acctcdn.msftauth.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:34.034215927 CEST | 1.1.1.1 | 192.168.2.7 | 0x14bd | No error (0) | www.tm.acctcdn.msftauth.trafficmanager.net | acctcdn.msftauth.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 1, 2025 13:26:34.034215927 CEST | 1.1.1.1 | 192.168.2.7 | 0x14bd | No error (0) | acctcdn.msftauth.edgekey.net | e329293.dscd.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
                                          Apr 1, 2025 13:26:34.034215927 CEST1.1.1.1192.168.2.70x14bdNo error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.034215927 CEST1.1.1.1192.168.2.70x14bdNo error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.036643028 CEST1.1.1.1192.168.2.70x8b8dNo error (0)shed.dual-low.s-part-0012.t-0009.t-msedge.nets-part-0012.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.036643028 CEST1.1.1.1192.168.2.70x8b8dNo error (0)s-part-0012.t-0009.t-msedge.net13.107.246.40A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.133162022 CEST1.1.1.1192.168.2.70xef05No error (0)shed.dual-low.s-part-0044.t-0009.t-msedge.nets-part-0044.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.133162022 CEST1.1.1.1192.168.2.70xef05No error (0)s-part-0044.t-0009.t-msedge.net13.107.246.72A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.137130022 CEST1.1.1.1192.168.2.70x1321No error (0)logincdn.msftauth.netwww.tm.lgincdntcs.msftauth.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.137130022 CEST1.1.1.1192.168.2.70x1321No error (0)www.tm.lgincdntcs.msftauth.trafficmanager.netlogincdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.137130022 CEST1.1.1.1192.168.2.70x1321No error (0)logincdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.137365103 CEST1.1.1.1192.168.2.70xfce8No error (0)logincdn.msftauth.netwww.tm.lgincdntcs.msftauth.akadns.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.137365103 CEST1.1.1.1192.168.2.70xfce8No error (0)www.tm.lgincdntcs.msftauth.akadns.netlogincdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.137365103 CEST1.1.1.1192.168.2.70xfce8No error (0)logincdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.137365103 CEST1.1.1.1192.168.2.70xfce8No error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.137365103 CEST1.1.1.1192.168.2.70xfce8No error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.150368929 CEST1.1.1.1192.168.2.70xd0ccNo error (0)shed.dual-low.s-part-0012.t-0009.t-msedge.nets-part-0012.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:34.150368929 CEST1.1.1.1192.168.2.70xd0ccNo error (0)s-part-0012.t-0009.t-msedge.net13.107.246.40A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.593764067 CEST1.1.1.1192.168.2.70xb691No error (0)fpt.live.comfpt.microsoft.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.593764067 CEST1.1.1.1192.168.2.70xb691No error (0)fpt.microsoft.compme-greenid-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.593764067 CEST1.1.1.1192.168.2.70xb691No error (0)pme-greenid-prod.trafficmanager.netgreenid-prod-pme.eastus2.cloudapp.azure.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.612307072 CEST1.1.1.1192.168.2.70x858eNo error (0)fpt.live.comfpt.microsoft.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.612307072 CEST1.1.1.1192.168.2.70x858eNo error (0)fpt.microsoft.compme-greenid-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.612307072 CEST1.1.1.1192.168.2.70x858eNo error (0)pme-greenid-prod.trafficmanager.netgreenid-prod-pme.westus2.cloudapp.azure.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.612307072 CEST1.1.1.1192.168.2.70x858eNo error (0)greenid-prod-pme.westus2.cloudapp.azure.com20.72.243.62A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.779244900 CEST1.1.1.1192.168.2.70x7170No error (0)shed.dual-low.s-part-0044.t-0009.t-msedge.nets-part-0044.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:37.779244900 CEST1.1.1.1192.168.2.70x7170No error (0)s-part-0044.t-0009.t-msedge.net13.107.246.72A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:38.453906059 CEST1.1.1.1192.168.2.70x44a7No error (0)3474889.cfd5.255.117.88A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:41.397212982 CEST1.1.1.1192.168.2.70xd53bNo error (0)pme-greenid-prod.trafficmanager.netgreenid-prod-pme.eastus2.cloudapp.azure.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:41.397212982 CEST1.1.1.1192.168.2.70xd53bNo error (0)greenid-prod-pme.eastus2.cloudapp.azure.com52.167.30.171A (IP address)IN (0x0001)false
                                          Apr 1, 2025 13:26:41.397475958 CEST1.1.1.1192.168.2.70xd447No error (0)pme-greenid-prod.trafficmanager.netgreenid-prod-pme.westus2.cloudapp.azure.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:42.338416100 CEST1.1.1.1192.168.2.70x794cNo error (0)fpt.live.comfpt.microsoft.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:42.338416100 CEST1.1.1.1192.168.2.70x794cNo error (0)fpt.microsoft.compme-greenid-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:42.338416100 CEST1.1.1.1192.168.2.70x794cNo error (0)pme-greenid-prod.trafficmanager.netgreenid-prod-pme.eastus2.cloudapp.azure.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:42.338463068 CEST1.1.1.1192.168.2.70xd3cNo error (0)fpt.live.comfpt.microsoft.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:42.338463068 CEST1.1.1.1192.168.2.70xd3cNo error (0)fpt.microsoft.compme-greenid-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:42.338463068 CEST1.1.1.1192.168.2.70xd3cNo error (0)pme-greenid-prod.trafficmanager.netgreenid-prod-pme.eastus2.cloudapp.azure.comCNAME (Canonical name)IN (0x0001)false
                                          Apr 1, 2025 13:26:42.338463068 CEST1.1.1.1192.168.2.70xd3cNo error (0)greenid-prod-pme.eastus2.cloudapp.azure.com52.167.30.171A (IP address)IN (0x0001)false
                                          • cdn.ampproject.org
                                          • storage-googleapis-com.cdn.ampproject.org
                                          • storage.googleapis.com
                                            • www.google.com
                                            • session-auth.5436245745.info
                                              • 3474889.cfd
                                                • fpt.live.com
                                          • c.pki.goog
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.7 | 49708 | 142.250.72.99 | 80 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Apr 1, 2025 13:26:33.100110054 CEST | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
                                          Cache-Control: max-age = 3000
                                          Connection: Keep-Alive
                                          Accept: */*
                                          If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: c.pki.goog
                                          Apr 1, 2025 13:26:33.191659927 CEST | 222 | IN | HTTP/1.1 304 Not Modified
                                          Date: Tue, 01 Apr 2025 11:23:36 GMT
                                          Expires: Tue, 01 Apr 2025 12:13:36 GMT
                                          Age: 177
                                          Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                                          Cache-Control: public, max-age=3000
                                          Vary: Accept-Encoding
                                          Apr 1, 2025 13:26:33.197976112 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
                                          Cache-Control: max-age = 3000
                                          Connection: Keep-Alive
                                          Accept: */*
                                          If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: c.pki.goog
                                          Apr 1, 2025 13:26:33.288830996 CEST | 223 | IN | HTTP/1.1 304 Not Modified
                                          Date: Tue, 01 Apr 2025 10:43:30 GMT
                                          Expires: Tue, 01 Apr 2025 11:33:30 GMT
                                          Age: 2583
                                          Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                          Cache-Control: public, max-age=3000
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.7 | 49689 | 142.250.65.225 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:23 UTC | 853 | OUT | GET /c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2 HTTP/1.1
                                          Host: cdn.ampproject.org
                                          Connection: keep-alive
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-User: ?1
                                          Sec-Fetch-Dest: document
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:23 UTC | 608 | IN | HTTP/1.1 302 Found
                                          Location: https://storage-googleapis-com.cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2
                                          Cache-Control: private
                                          Content-Type: text/html; charset=UTF-8
                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                          X-Content-Type-Options: nosniff
                                          Date: Tue, 01 Apr 2025 11:26:23 GMT
                                          Server: sffe
                                          Content-Length: 440
                                          X-XSS-Protection: 0
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close
                                          2025-04-01 11:26:23 UTC | 440 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://storage-googleapis-com.cdn.ampproject.org/c/s/storage.googleapis.com/6453734686


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          1 | 192.168.2.7 | 49691 | 142.251.35.161 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:23 UTC | 876 | OUT | GET /c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2 HTTP/1.1
                                          Host: storage-googleapis-com.cdn.ampproject.org
                                          Connection: keep-alive
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-User: ?1
                                          Sec-Fetch-Dest: document
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:24 UTC | 626 | IN | HTTP/1.1 200 OK
                                          Location: https://storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2
                                          Cache-Control: private
                                          X-Silent-Redirect: true
                                          Warning: 199 - "Failed to validate PCU."
                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                          X-Content-Type-Options: nosniff
                                          Date: Tue, 01 Apr 2025 11:26:24 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Server: sffe
                                          Content-Length: 638
                                          X-XSS-Protection: 0
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close
                                          2025-04-01 11:26:24 UTC | 594 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>Redirecting</TITLE><META HTTP-EQUIV="refresh" content="0; url=https://storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_j
                                          2025-04-01 11:26:24 UTC | 44 | IN | Data Ascii: '+document.location.hash)"></BODY></HTML>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          2 | 192.168.2.7 | 49698 | 142.251.40.196 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:25 UTC | 775 | OUT | GET /images/icons/product/cloud_storage-32.png HTTP/1.1
                                          Host: www.google.com
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://storage.googleapis.com/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:25 UTC | 670 | IN | HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Content-Type: image/png
                                          Cross-Origin-Resource-Policy: cross-origin
                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                          Content-Length: 850
                                          Date: Tue, 01 Apr 2025 11:26:25 GMT
                                          Expires: Tue, 01 Apr 2025 11:26:25 GMT
                                          Cache-Control: private, max-age=31536000
                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                          X-Content-Type-Options: nosniff
                                          Server: sffe
                                          X-XSS-Protection: 0
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          3 | 192.168.2.7 | 49699 | 142.251.32.100 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:26 UTC | 484 | OUT | GET /images/icons/product/cloud_storage-32.png HTTP/1.1
                                          Host: www.google.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: */*
                                          X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIk6HLAQiKo8sBCIWgzQE=
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:26 UTC | 670 | IN | HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Content-Type: image/png
                                          Cross-Origin-Resource-Policy: cross-origin
                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                          Content-Length: 850
                                          Date: Tue, 01 Apr 2025 11:26:26 GMT
                                          Expires: Tue, 01 Apr 2025 11:26:26 GMT
                                          Cache-Control: private, max-age=31536000
                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                          X-Content-Type-Options: nosniff
                                          Server: sffe
                                          X-XSS-Protection: 0
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          4 | 192.168.2.7 | 49701 | 5.255.106.15 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:29 UTC | 944 | OUT | GET /dashboard/?app=c3RlZmZlbi5ldWxpdHpAbmlwcG9uZ2FzZXMuY29t&utm_id=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU=&ut_adi_h1j6TQ=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU= HTTP/1.1
                                          Host: session-auth.5436245745.info
                                          Connection: keep-alive
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-Dest: document
                                          Referer: https://storage.googleapis.com/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:29 UTC | 191 | IN | HTTP/1.1 200 OK
                                          Date: Tue, 01 Apr 2025 11:26:29 GMT
                                          Server: Apache/2.4.52 (Ubuntu)
                                          Vary: Accept-Encoding
                                          Content-Length: 939
                                          Connection: close
                                          Content-Type: text/html; charset=UTF-8
                                          2025-04-01 11:26:29 UTC | 939 | IN | Data Ascii: <!DOCTYPE html><html><head> <meta charset="UTF-8"> <meta http-equiv="refresh" content="2;url=https://3474889.cfd/?xbytndgh"> <style> body { font-family: Arial, sans-serif; text-align: center;


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          5 | 192.168.2.7 | 49702 | 5.255.106.15 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:29 UTC | 857 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: session-auth.5436245745.info
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://session-auth.5436245745.info/dashboard/?app=c3RlZmZlbi5ldWxpdHpAbmlwcG9uZ2FzZXMuY29t&utm_id=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU=&ut_adi_h1j6TQ=aHR0cHM6Ly9jZG4uYW1wcHJvamVjdC5vcmcvYy9zL3ZyYm8uY29tL2F1dGgvdWkvbG9naW4/NTgyMzU=
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:29 UTC | 180 | IN | HTTP/1.1 404 Not Found
                                          Date: Tue, 01 Apr 2025 11:26:29 GMT
                                          Server: Apache/2.4.52 (Ubuntu)
                                          Content-Length: 291
                                          Connection: close
                                          Content-Type: text/html; charset=iso-8859-1
                                          2025-04-01 11:26:29 UTC | 291 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at session-auth.5436245745.inf


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          6 | 192.168.2.7 | 49705 | 5.255.117.88 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:32 UTC | 704 | OUT | GET /?xbytndgh HTTP/1.1
                                          Host: 3474889.cfd
                                          Connection: keep-alive
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-Dest: document
                                          Referer: https://session-auth.5436245745.info/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:32 UTC | 612 | IN | HTTP/1.1 302 Found
                                          Set-Cookie: qPdM=ZRd2Aq8R9E7Y; path=/; samesite=none; secure; httponly
                                          Set-Cookie: qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; path=/; samesite=none; secure; httponly
                                          location: /__//eqpuwogtu/qcwvj2/x2.0/cwvjqtkbg?tgurqpug_varg=eqfg&ueqrg=Ugetgvu.TgcfYtkvg.EtgcvgfDaCrr.Ugewtg%20qhhnkpg_ceeguu&enkgpv_kf=229h4f61-07gd-454c-9453-f27ddc7ee95d&tgfktgev_wtk=jvvru%3C%2H%2Hnqikp.oketquqhvqpnkpg.eqo%2Heqooqp%2Hqcwvj2%2Hpcvkxgenkgpv&tgurqpug_oqfg=swgta&uvcvg=%7D%22kf%22%3C%22hkgfdhiengffndeoifkilifheiilekqp%22%7F
                                          Date: Tue, 01 Apr 2025 11:26:32 GMT
                                          Connection: close
                                          Transfer-Encoding: chunked
                                          2025-04-01 11:26:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          7 | 192.168.2.7 | 49704 | 5.255.117.88 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:32 UTC | 1090 | OUT | GET /__//eqpuwogtu/qcwvj2/x2.0/cwvjqtkbg?tgurqpug_varg=eqfg&ueqrg=Ugetgvu.TgcfYtkvg.EtgcvgfDaCrr.Ugewtg%20qhhnkpg_ceeguu&enkgpv_kf=229h4f61-07gd-454c-9453-f27ddc7ee95d&tgfktgev_wtk=jvvru%3C%2H%2Hnqikp.oketquqhvqpnkpg.eqo%2Heqooqp%2Hqcwvj2%2Hpcvkxgenkgpv&tgurqpug_oqfg=swgta&uvcvg=%7D%22kf%22%3C%22hkgfdhiengffndeoifkilifheiilekqp%22%7F HTTP/1.1
                                          Host: 3474889.cfd
                                          Connection: keep-alive
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-Dest: document
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Referer: https://session-auth.5436245745.info/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA
                                          2025-04-01 11:26:32 UTC | 2816 | IN | HTTP/1.1 302 Found
                                          Cache-Control: no-store, no-cache
                                          Pragma: no-cache
                                          Content-Type: text/html; charset=utf-8
                                          Expires: -1
                                          Location: https://3474889.cfd/?pzu1ue0fb=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
                                          Strict-Transport-Security: max-age=31536000; includeSubDomains
                                          P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                          x-ms-request-id: 77643c89-a005-4af8-8235-74d2803cb301
                                          x-ms-ests-server: 2.1.20329.5 - FRC ProdSlices
                                          report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
                                          nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                          x-ms-srs: 1.P
                                          Referrer-Policy: strict-origin-when-cross-origin
                                          Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-DHoZC0u6AX0UhlRBmAWLiw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                          Set-Cookie: fpc=AuofijWSgx5NumVd2zxYrUU; expires=Thu, 01-May-2025 11:26:32 GMT; path=/; secure; HttpOnly; SameSite=None
                                          Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; domain=3474889.cfd; path=/; secure; HttpOnly; SameSite=None
                                          Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                          Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
                                          Date: Tue, 01 Apr 2025 11:26:32 GMT
                                          Connection: close
                                          content-length: 858
                                          2025-04-01 11:26:32 UTC | 858 | IN | Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.live.com/oauth20_authorize.srf?client_id=229f4d61-07eb-454a-9453-d27bba7cc95b&amp;scope=Secrets.ReadWrite.CreatedByApp.Secure+offline_access&amp;redirect_uri=


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          8 | 192.168.2.7 | 49707 | 5.255.117.88 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:33 UTC | 1991 | OUT | GET /?pzu1ue0fb=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 HTTP/1.1
                                          Host: 3474889.cfd
                                          Connection: keep-alive
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-Dest: document
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Referer: https://session-auth.5436245745.info/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
                                          2025-04-01 11:26:33 UTC | 3018 | IN | HTTP/1.1 200 OK
                                          Referer: https://login.live.com/oauth20_authorize.srf?client_id=229f4d61-07eb-454a-9453-d27bba7cc95b&scope=Secrets.ReadWrite.CreatedByApp.Secure+offline_access&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2foauth2%2fnativeclient&response_type=code&state=%7b%22id%22%3a%22fiedbfgcleddlbcmgdigjgdfcggjcion%22%7d&response_mode=query&uaid=7c48670771ec4a0195498fd364b479ab&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-US&epct=PAQABDgEAAABVrSpeuWamRam2jAF1XRQENOpiZpwaz9BhEkj0ZW6gdoZPy53Ycbz5EtTPvy_II1hzxFx129RhVK5sJYG8qGtGBhfn9BwZdCbJc2BIXfXXYuTPAq46lcE2eqeodE6Tqn60hlkOu4zBkbtsxsxsZNN1SzAzrM5LqDrsYDRs5KWaOGnBuUFYNxt4UFdF5bFYbi70EsI6qdGmMkV0ZewJZ3Zcb1sZJ084d1EK-BS-X8alMyAA&jshs=0#
                                          Cache-Control: no-store, no-cache
                                          Pragma: no-cache
                                          Content-Type: text/html; charset=utf-8
                                          Expires: Tue, 01 Apr 2025 11:25:33 GMT
                                          P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                          X-DNS-Prefetch-Control: on
                                          Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin, <https://acctcdn.msauth.net/>; rel=dns-prefetch, <https://acctcdn.msftauth.net/>; rel=dns-prefetch, <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch, <https://logincdn.msauth.net/>; rel=dns-prefetch, <https://logincdn.msftauth.net/>; rel=dns-prefetch, <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
                                          Referrer-Policy: strict-origin-when-cross-origin
                                          x-ms-route-info: C515_SN1
                                          x-ms-request-id: cbaaa472-0aba-4450-9692-a7dc7c3150b9
                                          PPServer: PPV: 30 H: SN1PEPF0002F0DF V: 0
                                          Strict-Transport-Security: max-age=31536000
                                          Set-Cookie: MSPRequ=id=N&lt=1743506793&co=1; domain=3474889.cfd; Secure; path=/; SameSite=None; HttpOnly
                                          Set-Cookie: uaid=7c48670771ec4a0195498fd364b479ab; domain=3474889.cfd; Secure; path=/; SameSite=None; HttpOnly
                                          Set-Cookie: MSPOK=$uuid-5e85ee6d-c02f-49fb-bd00-7b43719bd627; domain=3474889.cfd; Secure; path=/; SameSite=None; HttpOnly
                                          Set-Cookie: OParams=11O.DlMeEeSvIIp4Z48xfcF!KVpmIdE*XZ85q*Cxh*tH6vm6Ak707OaMVc7mm8AazVLvCGs!lt7k7DymYaWmBs6sASCOS4JpVLqmtrpU8Z7BhfF3AMBzNKepp8QX*Hk8SSlGbANjAtNiXdPWufIHxncu46LS5*cuJhbuezzqEn06*G4m443dTAAF4iP15w*qIgwZxg5pEFJTpH4qMG8xCyNz5bUChWLVgsyd1P2Y0oEXoo0yKPgWmeqd!NjOQufXmsAtKLhEz1cYDsBJ7EnrMazwkKTuOBIOmc*3ZaiPxq6l6RuejerTUoTfq!X!L2*uLSZVeglCIR6gFk67y*L64XE8lyjJ71VhQ9Xn7cYahyyOgf5nK8gRCjA6BtYGfXYgHwAT6nI5UvnyCX37r*8XpXQ9DQt78FHUEpC2uO9AOg39mi!rHyjmYfuJsTrNwWumuxrpbrESoCeGUhOTfvzVc!yG9WoFbAn3W0SRmvwnsO8D!ev1WFkaFgUrQnupe0nbMT3rfX35TeyP!KGhrUCEeb2mm9RXEP0y4v!5t6aBcsutg5ysFRcZvhzo9jy9qAkZCP6f0PfZk7k2QMuJ1iu2w51d21h45WH!YEOHAJK9u5rShoz9FGQjdkIdgnx1mlHXqjA8HpJ8Z8KwBTXnLzRajoh3gtzkLUBv7UXo5zVwzrPOsKnMOpDedLJYMjCsVqHpwtrHFQ7bWScRE1XyCtzIrs3!lqqKv8MwoyfJsLlJny66kg!57r5G9HDFMVSG93uiCsoEGCcHCqnzBUaTdUU32*W8wkXmPqMSLUsygJPMUrmfP!NsTK1hNP3kuLOU!IfP07vyYDAufomQqnzE1XI4IgtZuZc$; domain=3474889.cfd; Secure; path=/; SameSite=None; HttpOnly
                                          Date: Tue, 01 Apr 2025 11:26:33 GMT
                                          Connection: close
                                          content-length: 25633
                                          2025-04-01 11:26:33 UTC | 13366 | IN | Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html>... ServerInfo: SN1PEPF0002F0DF 16.0.30558.4 LocVer:0 -->... PreprocessInfo: CBA-0320_153507:0cc54761c00000N, 2025-03-20T16:05:23.0139934-07:00 - Version: 16,0,30558,4 --><
                                          2025-04-01 11:26:33 UTC | 12267 | IN | Data Ascii: mbabwe~263',fEnableAriaLiveUpdates:true,urlHostedPrivacyLink:'https://logincdn.msauth.net/16.000.30558.4/agreements/privacy/en-us/privacy.txt?x=16.000.30558.4',sHostBuildNumber:'16.0.30558.4',fIsHosted:true,arrFedNames:[],fAllowSkypeNameLogin:true,urlForg


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          9 | 192.168.2.7 | 49715 | 5.255.117.88 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:37 UTC | 3061 | OUT | POST /GetExperimentAssignments.srf HTTP/1.1
                                          Host: 3474889.cfd
                                          Connection: keep-alive
                                          Content-Length: 870
                                          correlationId: 7c48670771ec4a0195498fd364b479ab
                                          sec-ch-ua-platform: "Windows"
                                          hpgid: 37
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          hpgact: 0
                                          sec-ch-ua-mobile: ?0
                                          client-request-id: 7c48670771ec4a0195498fd364b479ab
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: application/json
                                          Content-Type: application/json; charset=utf-8
                                          Origin: https://3474889.cfd
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Referer: https://3474889.cfd/?pzu1ue0fb=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
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MSPRequ=id=N&lt=1743506793&co=1; uaid=7c48670771ec4a0195498fd364b479ab; MSPOK=$uuid-5e85ee6d-c02f-49fb-bd00-7b43719bd627; OParams=11O.DlMeEeSvIIp4Z48xfcF!KVpmIdE*XZ85q*Cxh*tH6vm6Ak707OaMVc7mm8AazVLvCGs!lt7k7DymYaWmBs6sASCOS4JpVLqmtrpU8Z7BhfF3AMBzNKepp8QX*Hk8SSlGbANjAtNiXdPWufIHxncu46LS5*cuJhbuezzqEn06*G4m443dTAAF4iP15w*qIgwZxg5pEFJTpH4qMG8xCyNz5bUChWLVgsyd1P2Y0oEXoo0yKPgWmeqd!NjOQufXmsAtKLhEz1cYDsBJ7EnrMazwkKTuOBIOmc*3ZaiPxq6l6RuejerTUoTfq!X!L2*uLSZVeglCIR6gFk67y*L64XE8lyjJ71VhQ9Xn7cYahyyOgf5nK8gRCjA6BtYGfXYgHwAT6nI5UvnyCX37r*8XpXQ9DQt78FHUEpC2uO9AOg39mi!rHyjmYfuJsTrNwWumuxrpbrESoCeGUhOTfvzVc!yG9WoFbAn3W0SRmvwnsO8D!ev1WFkaFgUrQnupe0nbMT3rfX35TeyP!KGhrUCEe [TRUNCATED]
                                          2025-04-01 11:26:37 UTC | 870 | OUT | Data Ascii: {"clientExperiments":[{"parallax":"enableidentitybannerresponsiveexperiment","control":"enableidentitybannerresponsiveexperiment_control","treatments":["enableidentitybannerresponsiveexperiment_treatment"]},{"parallax":"bumplottieversionfromclient","contr
                                          2025-04-01 11:26:37 UTC | 482 | IN | HTTP/1.1 200 OK
                                          Cache-Control: no-store, no-cache
                                          Pragma: no-cache
                                          Content-Type: application/json
                                          Expires: Tue, 01 Apr 2025 11:25:37 GMT
                                          P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                          Referrer-Policy: strict-origin-when-cross-origin
                                          x-ms-route-info: C511_SN1
                                          x-ms-request-id: b5b87e8d-db1f-4109-a0ac-0db62fd09123
                                          PPServer: PPV: 30 H: SN1PEPF0002F09F V: 0
                                          Strict-Transport-Security: max-age=31536000
                                          Date: Tue, 01 Apr 2025 11:26:36 GMT
                                          Connection: close
                                          content-length: 214
                                          2025-04-01 11:26:37 UTC | 214 | IN | Data Ascii: {"FlightAssignments":[ "enableidentitybannerresponsiveexperiment_treatment", "bumplottieversionfromclient_treatment", "addprivatebrowsingtexttofabricfooter_treatment", "updateuseformsubmissionfocuslogic_control" ]}


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          10 | 192.168.2.7 | 49719 | 20.72.243.62 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:38 UTC | 813 | OUT | GET /?session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI HTTP/1.1
                                          Host: fpt.live.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-Dest: iframe
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://3474889.cfd/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:38 UTC | 751 | IN | HTTP/1.1 200 OK
                                          Transfer-Encoding: chunked
                                          Content-Type: text/html
                                          Server: Microsoft-HTTPAPI/2.0
                                          Access-Control-Allow-Origin: *
                                          Set-Cookie: fptctx2=taBcrIH61PuCVH7eNCyH0Iitb%252bEMfwlgK%252fM8w%252f28EbfGPmY0ttgyKs3tFFnStJsqv5iEblhq%252fLd6XCbqsWQhiKGNMcErI6Acq9cr%252fiys%252bd8MtjSTt0EPDWrfHf3PokvIY4Xr3%252ftK422Xpa%252b3TlLIl7TBMhPd28q0e5CnuFW1zj2vxGoHkgasOtUi0pCDG5dPzL7New5OItMzdCjH43RaUfdO%252fMGE0ZaxDAaOrjRQlFiVXfTY%252bQlKZRvl3EtBSGgfrxM2YG%252bu%252fAMXV9ezwHIiGl%252fIKG71V%252fwoiqKSnnYhRyg%253d; domain=.live.com; path=/; secure; httponly
                                          Set-Cookie: MUID=f9efcf86c2b343cc92e4ad9d576a3cf6; expires=Wed, 01 Apr 2026 11:26:38 GMT; domain=.live.com; path=/; secure; httponly
                                          Date: Tue, 01 Apr 2025 11:26:38 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          11 | 192.168.2.7 | 49724 | 5.255.117.88 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:38 UTC | 1896 | OUT | GET /GetExperimentAssignments.srf HTTP/1.1
                                          Host: 3474889.cfd
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MSPRequ=id=N&lt=1743506793&co=1; uaid=7c48670771ec4a0195498fd364b479ab; MSPOK=$uuid-5e85ee6d-c02f-49fb-bd00-7b43719bd627; OParams=11O.DlMeEeSvIIp4Z48xfcF!KVpmIdE*XZ85q*Cxh*tH6vm6Ak707OaMVc7mm8AazVLvCGs!lt7k7DymYaWmBs6sASCOS4JpVLqmtrpU8Z7BhfF3AMBzNKepp8QX*Hk8SSlGbANjAtNiXdPWufIHxncu46LS5*cuJhbuezzqEn06*G4m443dTAAF4iP15w*qIgwZxg5pEFJTpH4qMG8xCyNz5bUChWLVgsyd1P2Y0oEXoo0yKPgWmeqd!NjOQufXmsAtKLhEz1cYDsBJ7EnrMazwkKTuOBIOmc*3ZaiPxq6l6RuejerTUoTfq!X!L2*uLSZVeglCIR6gFk67y*L64XE8lyjJ71VhQ9Xn7cYahyyOgf5nK8gRCjA6BtYGfXYgHwAT6nI5UvnyCX37r*8XpXQ9DQt78FHUEpC2uO9AOg39mi!rHyjmYfuJsTrNwWumuxrpbrESoCeGUhOTfvzVc!yG9WoFbAn3W0SRmvwnsO8D!ev1WFkaFgUrQnupe0nbMT3rfX35TeyP!KGhrUCEe [TRUNCATED]
                                          2025-04-01 11:26:39 UTC | 581 | IN | HTTP/1.1 400 Bad Request
                                          Cache-Control: no-store, no-cache
                                          Pragma: no-cache
                                          Content-Type: application/json
                                          Expires: Tue, 01 Apr 2025 11:25:39 GMT
                                          P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                          X-WLID-Error: 0x80043449
                                          Referrer-Policy: strict-origin-when-cross-origin
                                          x-ms-route-info: C502_BL2
                                          x-ms-request-id: 4432adc2-2077-4781-a1fd-1609ff793bb8
                                          PPServer: PPV: 30 H: BL02EPF0001D6EC V: 0
                                          X-Content-Type-Options: nosniff
                                          Strict-Transport-Security: max-age=31536000
                                          X-XSS-Protection: 1; mode=block
                                          Date: Tue, 01 Apr 2025 11:26:38 GMT
                                          Connection: close
                                          Content-Length: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          12 | 192.168.2.7 | 49729 | 20.72.243.62 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:41 UTC | 2654 | OUT | GET /Images/Clear.PNG?ctx=jscb1.0&session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi= [TRUNCATED]
                                          Host: fpt.live.com
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: */*
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://fpt.live.com/?session_id=7c48670771ec4a0195498fd364b479ab&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SI
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-04-01 11:26:42 UTC | 723 | IN | HTTP/1.1 200 OK
                                          Transfer-Encoding: chunked
                                          Content-Type: text/html
                                          Server: Microsoft-HTTPAPI/2.0
                                          Access-Control-Allow-Origin: *
                                          Set-Cookie: fptctx2=J2lVSzXLZLjGnFoFngsBvEJ0tT0UwoZY70CyB4R0UxQSz%252fd7UDvdLDnvFOj6CgWvLXl0HNMNAvo1yZzQOiZkEsg2fCEx81B9Wd5k68vs9%252fWUxDUu5HGC9isJ%252bYJdBhV0RZ8WS%252f1d71csXM1vSEwV64FAYEMiE1fmRq0a7oUwIodYirXguk%252fX3QKXoD34WHILXMfuEGUCZcfsN1zkv6frNba1ObO2%252bsjbvBuwqSBTwz3zgEhJWarDYQScEVrHxRZKPMH9OQ3fXcxEP89vNNoL6qFOUeA7hWArtHKeg%252b4hGgc%253d; domain=.live.com; path=/; secure; httponly
                                          Set-Cookie: MUID=f978cb99bf09d437bcb72bbf4e5d1c3f; expires=Wed, 01 Apr 2026 11:26:42 GMT; domain=.live.com; path=/; secure; httponly
                                          Date: Tue, 01 Apr 2025 11:26:41 GMT
                                          Connection: close
                                          2025-04-01 11:26:42 UTC | 11 | IN | Data Raw: 36 0d 0a 64 66 70 3a 4f 4b 0d 0a
                                          Data Ascii: 6dfp:OK
                                          2025-04-01 11:26:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          13 | 192.168.2.7 | 49744 | 5.255.117.88 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:58 UTC | 3442 | OUT | POST /GetCredentialType.srf?opid=B9D4FAAB0E60CB96&id=294521&client_id=000000004C372D0D&client_id=229f4d61-07eb-454a-9453-d27bba7cc95b&mkt=EN-US&lc=1033&uaid=7c48670771ec4a0195498fd364b479ab HTTP/1.1
                                          Host: 3474889.cfd
                                          Connection: keep-alive
                                          Content-Length: 697
                                          correlationId: 7c48670771ec4a0195498fd364b479ab
                                          sec-ch-ua-platform: "Windows"
                                          hpgid: 37
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          hpgact: 0
                                          sec-ch-ua-mobile: ?0
                                          client-request-id: 7c48670771ec4a0195498fd364b479ab
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: application/json
                                          Content-Type: application/json; charset=utf-8
                                          Origin: https://3474889.cfd
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Referer: https://3474889.cfd/?pzu1ue0fb=aHR0cHM6Ly9sb2dpbi5saXZlLmNvbS9vYXV0aDIwX2F1dGhvcml6ZS5zcmY/Y2xpZW50X2lkPTIyOWY0ZDYxLTA3ZWItNDU0YS05NDUzLWQyN2JiYTdjYzk1YiZzY29wZT1TZWNyZXRzLlJlYWRXcml0ZS5DcmVhdGVkQnlBcHAuU2VjdXJlK29mZmxpbmVfYWNjZXNzJnJlZGlyZWN0X3VyaT1odHRwcyUzYSUyZiUyZmxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20lMmZjb21tb24lMmZvYXV0aDIlMmZuYXRpdmVjbGllbnQmcmVzcG9uc2VfdHlwZT1jb2RlJnN0YXRlPSU3YiUyMmlkJTIyJTNhJTIyZmllZGJmZ2NsZWRkbGJjbWdkaWdqZ2RmY2dnamNpb24lMjIlN2QmcmVzcG9uc2VfbW9kZT1xdWVyeSZ1YWlkPTdjNDg2NzA3NzFlYzRhMDE5NTQ5OGZkMzY0YjQ3OWFiJm1zcHJveHk9MSZpc3N1ZXI9bXNvJnRlbmFudD1jb25zdW1lcnMmdWlfbG9jYWxlcz1lbi1VUyZlcGN0PVBBUUFCRGdFQUFBQlZyU3BldVdhbVJhbTJqQUYxWFJRRU5PcGlacHdhejlCaEVrajBaVzZnZG9aUHk1M1ljYno1RXRUUHZ5X0lJMWh6eEZ4MTI5UmhWSzVzSllHOHFHdEdCaGZuOUJ3WmRDYkpjMkJJWGZYWFl1VFBBcTQ2bGNFMmVxZW9kRTZUcW42MGhsa091NHpCa2J0c3hzeHNaTk4xU3pBenJNNUxxRHJzWURSczVLV2FPR25CdVVGWU54dDRVRmRGNWJGWWJpNzBFc0k2cWRHbU1rVjBaZXdKWjNaY2Ixc1pKMDg0ZDFFSy1CUy1YOGFsTXlBQSZqc2hzPTAj
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MSPRequ=id=N&lt=1743506793&co=1; uaid=7c48670771ec4a0195498fd364b479ab; MSPOK=$uuid-5e85ee6d-c02f-49fb-bd00-7b43719bd627; OParams=11O.DlMeEeSvIIp4Z48xfcF!KVpmIdE*XZ85q*Cxh*tH6vm6Ak707OaMVc7mm8AazVLvCGs!lt7k7DymYaWmBs6sASCOS4JpVLqmtrpU8Z7BhfF3AMBzNKepp8QX*Hk8SSlGbANjAtNiXdPWufIHxncu46LS5*cuJhbuezzqEn06*G4m443dTAAF4iP15w*qIgwZxg5pEFJTpH4qMG8xCyNz5bUChWLVgsyd1P2Y0oEXoo0yKPgWmeqd!NjOQufXmsAtKLhEz1cYDsBJ7EnrMazwkKTuOBIOmc*3ZaiPxq6l6RuejerTUoTfq!X!L2*uLSZVeglCIR6gFk67y*L64XE8lyjJ71VhQ9Xn7cYahyyOgf5nK8gRCjA6BtYGfXYgHwAT6nI5UvnyCX37r*8XpXQ9DQt78FHUEpC2uO9AOg39mi!rHyjmYfuJsTrNwWumuxrpbrESoCeGUhOTfvzVc!yG9WoFbAn3W0SRmvwnsO8D!ev1WFkaFgUrQnupe0nbMT3rfX35TeyP!KGhrUCEe [TRUNCATED]
                                          2025-04-01 11:26:58 UTC | 697 | OUT | Data Raw: 7b 22 63 68 65 63 6b 50 68 6f 6e 65 73 22 3a 66 61 6c 73 65 2c 22 63 6f 75 6e 74 72 79 22 3a 22 22 2c 22 66 65 64 65 72 61 74 69 6f 6e 46 6c 61 67 73 22 3a 31 31 2c 22 66 6c 6f 77 54 6f 6b 65 6e 22 3a 22 2d 44 72 54 76 75 4c 51 4b 43 36 54 65 47 6d 76 47 35 56 69 77 34 48 4e 74 37 68 44 74 32 4e 44 72 21 4e 42 4f 61 6d 21 4c 6f 51 63 48 61 52 7a 75 4b 4b 66 48 4d 34 70 4d 50 55 6f 31 43 64 6c 57 45 4a 55 63 79 77 67 70 4c 43 6c 57 45 67 57 45 70 49 78 6e 4f 38 32 62 5a 75 5a 5a 54 79 44 32 72 62 69 6e 58 67 4e 38 4b 61 64 42 53 7a 35 38 73 4b 6b 76 66 45 55 21 63 62 42 4f 68 36 56 66 5a 36 36 69 4c 62 44 5a 66 31 36 76 6e 74 79 48 33 7a 34 52 2a 62 67 65 62 79 39 6f 6e 2a 48 39 50 41 52 2a 42 41 69 4e 64 21 42 75 41 4d 6e 6b 35 36 66 78 62 72 6c 41 64 39
                                          Data Ascii: {"checkPhones":false,"country":"","federationFlags":11,"flowToken":"-DrTvuLQKC6TeGmvG5Viw4HNt7hDt2NDr!NBOam!LoQcHaRzuKKfHM4pMPUo1CdlWEJUcywgpLClWEgWEpIxnO82bZuZZTyD2rbinXgN8KadBSz58sKkvfEU!cbBOh6VfZ66iLbDZf16vntyH3z4R*bgeby9on*H9PAR*BAiNd!BuAMnk56fxbrlAd9
                                          2025-04-01 11:26:59 UTC | 768 | IN | HTTP/1.1 200 OK
                                          Cache-Control: no-store, no-cache
                                          Pragma: no-cache
                                          Content-Type: application/json
                                          Expires: Tue, 01 Apr 2025 11:25:59 GMT
                                          P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                          Referrer-Policy: strict-origin-when-cross-origin
                                          x-ms-route-info: C535_SN1
                                          x-ms-request-id: f806b02f-4ffd-4865-b51c-2183ab858cea
                                          PPServer: PPV: 30 H: SN1PEPF0002F925 V: 0
                                          Strict-Transport-Security: max-age=31536000
                                          Set-Cookie: MSPOK= ; expires=Thu, 30-Oct-1980 16:00:00 GMT; domain=3474889.cfd; Secure; path=/; SameSite=None; HttpOnly
                                          Set-Cookie: MSPOK=$uuid-5e85ee6d-c02f-49fb-bd00-7b43719bd627$uuid-0e3ab224-45e8-41f3-bf9c-abeee5c91680; domain=3474889.cfd; Secure; path=/; SameSite=None; HttpOnly
                                          Date: Tue, 01 Apr 2025 11:26:58 GMT
                                          Connection: close
                                          content-length: 121
                                          2025-04-01 11:26:59 UTC | 121 | IN | Data Raw: 7b 22 55 73 65 72 6e 61 6d 65 22 3a 22 73 70 6f 7a 67 61 40 72 66 64 73 75 2e 69 6f 22 2c 22 44 69 73 70 6c 61 79 22 3a 22 73 70 6f 7a 67 61 40 72 66 64 73 75 2e 69 6f 22 2c 22 4c 6f 63 61 74 69 6f 6e 22 3a 22 22 2c 22 49 66 45 78 69 73 74 73 52 65 73 75 6c 74 22 3a 31 2c 22 41 6c 69 61 73 44 69 73 61 62 6c 65 64 46 6f 72 4c 6f 67 69 6e 22 3a 66 61 6c 73 65 7d
                                          Data Ascii: {"Username":"spozga@rfdsu.io","Display":"spozga@rfdsu.io","Location":"","IfExistsResult":1,"AliasDisabledForLogin":false}


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          14 | 192.168.2.7 | 49745 | 5.255.117.88 | 443 | 6068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-04-01 11:26:59 UTC | 2179 | OUT | GET /GetCredentialType.srf?opid=B9D4FAAB0E60CB96&id=294521&client_id=000000004C372D0D&client_id=229f4d61-07eb-454a-9453-d27bba7cc95b&mkt=EN-US&lc=1033&uaid=7c48670771ec4a0195498fd364b479ab HTTP/1.1
                                          Host: 3474889.cfd
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          Cookie: qPdM=ZRd2Aq8R9E7Y; qPdM.sig=1Gz8890DSV4sFKAGLvvfSWi3PBA; fpc=AuofijWSgx5NumVd2zxYrUU; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEkjpUyoimXwOLYnVPPygXTiZZrBSMa_-VJyX3Vh9AeBiMqo0h_SnAN9Nx7lFgLFtlMJOXKqCMFsyUkN7BnG1bhHw3x4hx0bdqs_AfN-PyFrPg3X6n_0OFVIRiDkr0W02_4QbHaWFV9BqQO-zkOeY9eRNiuug9c14p9kaVw7frjUIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; MSPRequ=id=N&lt=1743506793&co=1; uaid=7c48670771ec4a0195498fd364b479ab; OParams=11O.DlMeEeSvIIp4Z48xfcF!KVpmIdE*XZ85q*Cxh*tH6vm6Ak707OaMVc7mm8AazVLvCGs!lt7k7DymYaWmBs6sASCOS4JpVLqmtrpU8Z7BhfF3AMBzNKepp8QX*Hk8SSlGbANjAtNiXdPWufIHxncu46LS5*cuJhbuezzqEn06*G4m443dTAAF4iP15w*qIgwZxg5pEFJTpH4qMG8xCyNz5bUChWLVgsyd1P2Y0oEXoo0yKPgWmeqd!NjOQufXmsAtKLhEz1cYDsBJ7EnrMazwkKTuOBIOmc*3ZaiPxq6l6RuejerTUoTfq!X!L2*uLSZVeglCIR6gFk67y*L64XE8lyjJ71VhQ9Xn7cYahyyOgf5nK8gRCjA6BtYGfXYgHwAT6nI5UvnyCX37r*8XpXQ9DQt78FHUEpC2uO9AOg39mi!rHyjmYfuJsTrNwWumuxrpbrESoCeGUhOTfvzVc!yG9WoFbAn3W0SRmvwnsO8D!ev1WFkaFgUrQnupe0nbMT3rfX35TeyP!KGhrUCEeb2mm9RXEP0y4v!5t6aBcsutg5ysFRcZvhzo9jy9qAkZCP6f0Pf [TRUNCATED]
                                          2025-04-01 11:27:00 UTC | 481 | IN | HTTP/1.1 200 OK
                                          Cache-Control: no-store, no-cache
                                          Pragma: no-cache
                                          Content-Type: application/json
                                          Expires: Tue, 01 Apr 2025 11:26:00 GMT
                                          P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                          Referrer-Policy: strict-origin-when-cross-origin
                                          x-ms-route-info: C560_SN1
                                          x-ms-request-id: 9a6292f1-9c46-4bfe-8c60-601235019418
                                          PPServer: PPV: 30 H: SN1PEPF0002FA92 V: 0
                                          Strict-Transport-Security: max-age=31536000
                                          Date: Tue, 01 Apr 2025 11:26:59 GMT
                                          Connection: close
                                          content-length: 22
                                          2025-04-01 11:27:00 UTC | 22 | IN | Data Raw: 7b 22 45 72 72 6f 72 48 52 22 3a 22 38 30 30 34 33 34 34 39 22 7d
                                          Data Ascii: {"ErrorHR":"80043449"}



                                          Target ID:0
                                          Start time:07:26:14
                                          Start date:01/04/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                          Imagebase:0x7ff778810000
                                          File size:3'388'000 bytes
                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          Target ID:1
                                          Start time:07:26:15
                                          Start date:01/04/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,7632261494517681474,106541947582837358,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2096 /prefetch:3
                                          Imagebase:0x7ff778810000
                                          File size:3'388'000 bytes
                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          Target ID:4
                                          Start time:07:26:21
                                          Start date:01/04/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.ampproject.org/c/s/storage.googleapis.com/64537346863/pdpeulwim8hmijrsur818_q3ijp1j8y4ml6p47_0j2my8bsc.html?lt=t_s_jan_293241770520623800_stage&target=293241770520623800_1&utm_rid=293241770520623800_2"
                                          Imagebase:0x7ff778810000
                                          File size:3'388'000 bytes
                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          No disassembly