Edit tour

Windows Analysis Report
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d%26ver%3d2.0

Overview

General Information

Sample URL:https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3
Analysis ID:1654602
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
Creates files inside the system directory
Deletes files inside the Windows folder
Detected hidden input values containing email addresses (often used in phishing pages)
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML title does not match URL

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64
  • chrome.exe (PID: 2252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2116,i,18411507413408680836,5379153762494912250,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-04-02T12:51:20.460204+020028321801Successful Credential Theft Detected192.168.2.84974140.126.24.81443TCP
2025-04-02T12:51:58.528489+020028321801Successful Credential Theft Detected192.168.2.84974040.126.24.81443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-04-02T12:51:20.460204+020028460451Successful Credential Theft Detected192.168.2.84974140.126.24.81443TCP
2025-04-02T12:51:58.528489+020028460451Successful Credential Theft Detected192.168.2.84974040.126.24.81443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-04-02T12:51:20.460204+020028320461Successful Credential Theft Detected192.168.2.84974140.126.24.81443TCP
2025-04-02T12:51:58.528489+020028320461Successful Credential Theft Detected192.168.2.84974040.126.24.81443TCP

Click to jump to signature section

Show All Signature Results
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR4r_kDjLv4nUsf0ataA&response_mode=form_post&nonce=39f3f622-0d77-4c2a-b114-a6513fddb93b&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0&sso_reload=trueHTTP Parser: richard.parkinson@ocs.com
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...HTTP Parser: No favicon
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_u...HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 142.250.64.100:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.81:443 -> 192.168.2.8:49692 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.81:443 -> 192.168.2.8:49691 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.55.235.240:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.146:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.146:443 -> 192.168.2.8:49732 version: TLS 1.2

Networking

barindex
Source: Network trafficSuricata IDS: 2832046 - Severity 1 - ETPRO PHISHING Successful Office 365 Phish 2018-08-01 : 192.168.2.8:49741 -> 40.126.24.81:443
Source: Network trafficSuricata IDS: 2832046 - Severity 1 - ETPRO PHISHING Successful Office 365 Phish 2018-08-01 : 192.168.2.8:49740 -> 40.126.24.81:443
Source: Network trafficSuricata IDS: 2832180 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15 : 192.168.2.8:49741 -> 40.126.24.81:443
Source: Network trafficSuricata IDS: 2832180 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15 : 192.168.2.8:49740 -> 40.126.24.81:443
Source: Network trafficSuricata IDS: 2846045 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15 : 192.168.2.8:49741 -> 40.126.24.81:443
Source: Network trafficSuricata IDS: 2846045 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15 : 192.168.2.8:49740 -> 40.126.24.81:443
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: login.microsoftonline.com to https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&ticket=llvj1lktxcdgt1cqkcqxytimqw4wvbqixugs7dyj1la%253d&ver=2.0#
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknownTCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknownTCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.163
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR4r_kDjLv4nUsf0ataA&response_mode=form_post&nonce=39f3f622-0d77-4c2a-b114-a6513fddb93b&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global trafficHTTP traffic detected: GET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR4r_kDjLv4nUsf0ataA&response_mode=form_post&nonce=39f3f622-0d77-4c2a-b114-a6513fddb93b&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVax
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR4r_kDjLv4nUsf0ataA&response_mode=form_post&nonce=39f3f622-0d77-4c2a-b114-a6513fddb93b&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ocs.com/winauth/ssoprobe?client-request-id=21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f&_=1743591063850 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; MicrosoftApplicationsTelemetryDeviceId=787c672d-e892-42a7-b382-264c5337ed25; brcap=0; ai_session=GvHwnIkYwdWfKYlFoy6qyo|1743591065117|1743591065117
Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: login.microsoftonline.com
Source: global trafficDNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global trafficDNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: global trafficDNS traffic detected: DNS query: autologon.microsoftazuread-sso.com
Source: global trafficDNS traffic detected: DNS query: passwordreset.microsoftonline.com
Source: unknownHTTP traffic detected: POST /api/report?catId=GW+estsfd+bno HTTP/1.1Host: identity.nel.measure.office.netConnection: keep-aliveContent-Length: 1799Content-Type: application/reports+jsonOrigin: https://login.microsoftonline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Content-Type-Options: nosniffP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: bbf35ce3-d86a-40a3-b684-87b311c22200x-ms-ests-server: 2.1.20329.5 - EUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-MLk5HiBZ1q0VG8Lc4zEyDw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllX-XSS-Protection: 0Date: Wed, 02 Apr 2025 10:50:56 GMTConnection: closeContent-Length: 0
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownHTTPS traffic detected: 142.250.64.100:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.81:443 -> 192.168.2.8:49692 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.81:443 -> 192.168.2.8:49691 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.55.235.240:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.146:443 -> 192.168.2.8:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.146:443 -> 192.168.2.8:49732 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir2252_1989991183Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir2252_1989991183Jump to behavior
Source: classification engineClassification label: mal48.win@21/37@22/9
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2116,i,18411507413408680836,5379153762494912250,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2116,i,18411507413408680836,5379153762494912250,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection
1
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer
Traffic DuplicationData Destruction
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1654602 URL: https://login.microsoftonli... Startdate: 02/04/2025 Architecture: WINDOWS Score: 48 24 Suricata IDS alerts for network traffic 2->24 6 chrome.exe 2 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.8, 443, 49297, 49386 unknown unknown 6->14 16 192.168.2.9 unknown unknown 6->16 11 chrome.exe 6->11         started        process5 dnsIp6 18 s-part-0044.t-0009.t-msedge.net 13.107.246.72, 443, 49757, 49760 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->18 20 autologon.microsoftazuread-sso.com 40.126.24.146, 443, 49725, 49732 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->20 22 25 other IPs or domains 11->22

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.00%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
s-part-0012.t-0009.t-msedge.net
13.107.246.40
truefalse
    high
    e329293.dscd.akamaiedge.net
    23.209.72.9
    truefalse
      high
      www.tm.f.prd.aadg.trafficmanager.net
      20.190.152.80
      truefalse
        high
        s-part-0044.t-0009.t-msedge.net
        13.107.246.72
        truefalse
          high
          www.google.com
          142.250.64.100
          truefalse
            high
            a1894.dscb.akamai.net
            23.55.235.240
            truefalse
              high
              www.tm.a.prd.aadg.trafficmanager.net
              40.126.24.81
              truefalse
                high
                autologon.microsoftazuread-sso.com
                40.126.24.146
                truefalse
                  high
                  aadcdn.msauthimages.net
                  unknown
                  unknownfalse
                    high
                    passwordreset.microsoftonline.com
                    unknown
                    unknownfalse
                      high
                      identity.nel.measure.office.net
                      unknown
                      unknownfalse
                        high
                        aadcdn.msftauth.net
                        unknown
                        unknownfalse
                          high
                          login.microsoftonline.com
                          unknown
                          unknownfalse
                            high
                            NameMaliciousAntivirus DetectionReputation
                            https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bnofalse
                              high
                              https://login.microsoftonline.com/common/instrumentation/dssostatusfalse
                                high
                                http://c.pki.goog/r/gsr1.crlfalse
                                  high
                                  http://c.pki.goog/r/r4.crlfalse
                                    high
                                    https://aadcdn.msauthimages.net/c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122false
                                      high
                                      https://autologon.microsoftazuread-sso.com/ocs.com/winauth/ssoprobe?client-request-id=21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f&_=1743591063850false
                                        high
                                        https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274false
                                          high
                                          https://login.microsoftonline.com/favicon.icofalse
                                            high
                                            https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginfalse
                                              high
                                              https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638false
                                                high
                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs
                                                IPDomainCountryFlagASNASN NameMalicious
                                                40.126.24.146
                                                autologon.microsoftazuread-sso.comUnited States
                                                8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                23.209.72.9
                                                e329293.dscd.akamaiedge.netUnited States
                                                20940AKAMAI-ASN1EUfalse
                                                40.126.24.149
                                                unknownUnited States
                                                8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                142.250.64.100
                                                www.google.comUnited States
                                                15169GOOGLEUSfalse
                                                13.107.246.72
                                                s-part-0044.t-0009.t-msedge.netUnited States
                                                8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                23.55.235.240
                                                a1894.dscb.akamai.netUnited States
                                                20940AKAMAI-ASN1EUfalse
                                                40.126.24.81
                                                www.tm.a.prd.aadg.trafficmanager.netUnited States
                                                8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                IP
                                                192.168.2.8
                                                192.168.2.9
                                                Joe Sandbox version:42.0.0 Malachite
                                                Analysis ID:1654602
                                                Start date and time:2025-04-02 12:49:48 +02:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 3m 22s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:browseurl.jbs
                                                Sample URL:https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d%26ver%3d2.0
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:14
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal48.win@21/37@22/9
                                                EGA Information:Failed
                                                HCA Information:
                                                • Successful, ratio: 100%
                                                • Number of executed functions: 0
                                                • Number of non-executed functions: 0
                                                • Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe, TextInputHost.exe
                                                • Excluded IPs from analysis (whitelisted): 142.250.65.195, 172.253.63.84, 142.250.80.110, 142.250.80.14, 142.251.40.238, 142.251.32.110, 199.232.210.172, 142.250.80.78, 142.251.32.106, 142.251.40.106, 142.250.80.10, 142.251.40.234, 142.250.80.42, 142.251.40.138, 142.251.40.202, 142.251.35.170, 142.250.72.106, 142.250.80.106, 142.251.40.170, 172.217.165.138, 142.250.80.74, 142.251.41.10, 142.250.176.202, 142.250.64.74, 13.69.239.77, 40.79.141.154, 142.250.65.174, 142.250.81.234, 142.250.64.106, 142.250.72.99, 142.250.81.238, 172.217.165.142, 142.251.41.3, 142.251.40.206, 23.219.161.71, 40.126.24.82, 20.190.152.80, 13.107.246.40, 4.245.163.56, 40.126.24.147, 184.31.69.3
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size getting too big, too many NtOpenFile calls found.
                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • VT rate limit hit for: https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0
                                                No simulations
                                                No context
                                                No context
                                                No context
                                                No context
                                                No context
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152
                                                Category:downloaded
                                                Size (bytes):61052
                                                Entropy (8bit):7.996159932827634
                                                Encrypted:true
                                                SSDEEP:1536:HQaq1Q7XOos5ZBIp+1Zr52IGmCJijm1qAxTe9wzf:fq1HoUBIpU5TG7JSmwuTe+b
                                                MD5:C1E82BF71ADD622AD0F3BF8572F634FC
                                                SHA1:6CA863D4CAB96669202548D301693B3F5F80B0D5
                                                SHA-256:BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
                                                SHA-512:820A7F8A0C8EA33A8FE1E90CDC35F45DC1E143E836B0D8EA047E1E312F8CAEC72CDEE4E7DB54760A4D749CD0ACFE103A27E39A9A56EB2D704E448A67B0D0C079
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
                                                Preview:...........iw.F.0.....'W...4)/qH#..D.L.EK...................().}.{..@.z........Qz.,..Ox.....i4..S.&.p......9..W....);a.].a....Y......Y<,.n..."`Is....5....P..|.-..x1.F...@...yRlG.O..5.Q.|.gy.c.^....r.EC.....xd.oL..$./..|3.......r^.j.}...M... )x.D.....%.....B..t....vZ....2L......px.G.1.*.lZYh...$.....,.../.a..;Q...._..#.....e.T.:trA_.0.:.f...........(I.x?.S...<7...o..0.`r.x.+.2..o+...4/..vzY7.C'.....!.r..4n....]P.+a..........._.8,..G>...{.4B....o.9.....r......X3..U.....'.0.@...lrX....r.W\e...].}....(.l......=........3....S..........^=D..[.zw6..e...<WQ.w.(.X..S....>.^.....^B..O-.(..U.R;h..v.......4.Dc .?..z....r.._.Y......M.a.?,...?..U.....OF.w\h$.Q..5....Q.Oj ....5U..8..Y......gYZM....y..OrY.z]B..y..;o.....oT.r...H..{K...Y&Q.......*..W....N4.......].0m..m........E.bc..~..e.. .nzS.i3^......).,Y}.=1H...... V...g.)....X..G...C....@o,.i.~...as...ehEH....u9l.2...y\J.?.(.I.q%..F#..D../>pr$...,...m.6..:,<s..~S.fl;k.'<..}z.Y.
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):2889
                                                Entropy (8bit):7.904874943552236
                                                Encrypted:false
                                                SSDEEP:48:fpnlGwJJN9lgXhFZC0eenZSLiQtfg3+b075d3Yyq+zxLlcg1SMY8svVE1J:fNl3JN96XngenZSLJkW0N9nJqg0n8sti
                                                MD5:423B37101C70C1863F8D997D646CC5EF
                                                SHA1:C6F3235346DB0F75EA08EB413BA26755B3A6FB93
                                                SHA-256:490105CDBED41DD1BC413FE802DB8E2018C3AAA1C39208F34ABC4AF37F4C2226
                                                SHA-512:7AFF47E0A89844675523EA55288FBE01AE268109D83E11BD32C7DC42CA0165787FE146D5938C2599B10E04435B8C3E53F1E1683E2B603B1E2A9E52D7CE4588F6
                                                Malicious:false
                                                Reputation:low
                                                Preview:.PNG........IHDR.......<............pHYs...........~.....IDATx..=oc.........(.F..X....mHW)R,...L5B..~A.?.B\.i..I..T.!.....$..+6D...T.q.DD....b0.w.#.........../.....s.)-..F.....hT..H.... R.{i....U...c.._.V.9f..1.N.m2h...s.v.7a..s.7.a.....47.=?.....c|...8..`.q.H<...|......f....[..a..-...>p|.1..[>..'l.5<?.Kc.j.)..b..R2...$&0....{3..D.'ng2hw.|Rx*..F.I....->q.G.D&....^~+'l....".H....a..Q...>i..A...I$aIc.......4.8z~....m/..BC....g..7j7..E._>5\.ig..5...bds.hjes.c<.....#n?N......7j.3L.cof...=..L.\1..ML....~m%}.B...Hd.8X....<f..k....nL.|....M....,.:..'..=....^..2m:N.=..A\.+........f.Id.XX......!..ukz..k...L.....5..L.S...$.......G.X..x~.m.....6d...K.1D.b2.5..c!.3|.;..J..[.^..d.n.....7.D#.c..Y...2l..........'....w..X.).D.F.c!..!6.Tj...2.@..T.lw....AX:.z.-xm:...iu....t5..t2h'f/.c&K.w.!l........^.*.n.\..P8..\...k..........g.....2.........F..!.1...K\8.[.1.C....&....W..Uq...G..^GE....."..........-E)0....\...E.Pd*?;.......,...<.(....G..>-d.T.[A|. .....4].,.E......^._9
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 455667
                                                Category:downloaded
                                                Size (bytes):122924
                                                Entropy (8bit):7.9974224995855785
                                                Encrypted:true
                                                SSDEEP:3072:mXUfU9c2uY2CMsZUpk4VD4yAVOunkOrKXfAE2ss:mkoG7ep8+7kGKXIb
                                                MD5:33E13AB2DB6540C3B64C119CE450CFA8
                                                SHA1:2608E73884B3F039987C3BB31C4ACB31BD48A5F4
                                                SHA-256:06BBD11635362530528A350A84DEA1F961D261BE142B79C56478C703F02334C2
                                                SHA-512:8A3607B7FB58A2510ADDB86FC6C4353CF2D41371DF35A3C42A49BA38FAD9A9B4BA6E74B38180FCA09FE406BD60AF43ACE06457D27C94DE670C0A60B41227BB5A
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js
                                                Preview:...........{w.8.8.....fn..(..o+....*.I.....Merd.v.%.$.1.......([NU....s.Q.H... .....w.......Oit....OJ.O..J..............F....^\.x>+...3....0*y..F.0....f.o..~i...R..J.(..9I\.8.Bc..2T...K;J^K...*..6o..P.....!).a.9.d.....G..."pYTz~...Da.N.R...=A#....M.%;b..%.I.%......!E.15.[...:..P.........8_...L...U..ie..|.JIXz.....x.`Z...bj......I..a.,z...~)..D...%.2....-M#;@...`..i......cTt.Z.fs...L/.8..s...R..^...J.?.0.W..K.z.h..Z.5....d...>L..a1.:.......C.G.....G..?c^....,]....Q8..@.u.b.4..K..!`_.....q|q.?]..<>.L....+..R........d..uO...v.G...c..;...A.KX.Y0M....g...>....'a.:g..;.>...9.b.:0.e[.*....w...T......JE..V..;....wU...TYf....?.....ua8...i....$)W.....\..7... EC.h.&e.6..D,YDA..W.Na!..T..$k..;..2..ju .1,D}LdY=..a.>|k....ND/.A...}{+'V?..W%#..o)a.S....c!P8..UI.".n.{.]C.q...-u..a.....$z%...[*.CX......l.}.U.Q.......\.nT..........Z...LK.~.|."...D;U{>._....T$.C..^|)..'e..!.k2=...)Y! )..+.Y.#%........C..>0.r_oo..%.>....=..g..!.V....<%J.D......
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):72
                                                Entropy (8bit):4.241202481433726
                                                Encrypted:false
                                                SSDEEP:3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
                                                MD5:9E576E34B18E986347909C29AE6A82C6
                                                SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                                SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                                SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                                Malicious:false
                                                Reputation:low
                                                Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755
                                                Category:downloaded
                                                Size (bytes):5529
                                                Entropy (8bit):7.963357626093036
                                                Encrypted:false
                                                SSDEEP:96:FC4lWyY3aCfrPHSuZ6WTgaPZT1rfaaCEIqgpxXpYUFUUjadVPht:c4lWyK/rvn3TgKdfaaCbqgmUfjIVPht
                                                MD5:2897F2B9FBDFCA48FD9E7C3EBACD4825
                                                SHA1:1AC29A73147FAB24EECEDE0BBF4ABAC2B09B4FDA
                                                SHA-256:34AC02CED788528E58CD6EBB75EDF624F4061D4839369AF860A36AC0BFC3C830
                                                SHA-512:508CE7E7E1D3AE2101737E8D26A1257D516F8644ADC3AB5BE2A6B86C0B21CCFC32C1030B2014BE1280B9AF29AEB78A005D2242A2D12C68D2C3733941BCF64A42
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js
                                                Preview:...........[}w.......q.Q.f......q....c..&9:H.$b..E.UK......$!..ss.`vgggg.}...j_i.....G...{.e[..\7.+....].:.......7.6....9p...(.D..a..Q.\hS...n...h.....I...S...H.h...^3...+7I.Z......?.C..F..?OR-.R..57.$../...,.x..O..D...I$.Q.%|..;l"f._.in.5.Sm.%.D.ai]......QHp...{@8....8........5Q....+dD.:.Z.i.h.Q_......6.r../..o6L..c.....A.E.O4.,A.k.!.....8qCby.....'.Oy.20.....Oc."O.4..(.y@w+....[..h.g.._[..f|}t......cSMM.4.....O'..5...^4......[..;..{...P....l.j6..Z3..~..uU.~g..W9./.....tC.G.]......._..~.A... v....C.S1.X|.dZ.LL........_}..=..C:..Y..x...a|m...c.%x.....[...j6t...p......c.fNd.6...&.*....%.. tS..<...A...c.3j=@3.5.. eS.u!>..j........B.kpE_.81.x./Z..&K.nI.L.n.vn.Q..&....Y:.... a8..f...)...."...;z..d(...{\.B.."R..n.g#.@.G<......S.qPt......r..H.V...s......w..['..$../..=.n.&sv...z.Q8...A.H...?..<..Y./....m.Y.........C*.F`M..I..p.?.n2........D.......,.%....GE....|..{....)....u......<!.>..~~.v...|.Cj....V.^s..M.9.i7....8I..8}8%...'.I#...Y..i.........
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 26668
                                                Category:downloaded
                                                Size (bytes):7397
                                                Entropy (8bit):7.97524113662337
                                                Encrypted:false
                                                SSDEEP:192:vv11ns4EL0OgtJ0c6aEWgRM28JPmDLFAFy:vjnsbLAJ0c6nWSMtPkRt
                                                MD5:F1FAE06223E03425D351882922E10846
                                                SHA1:1C1A8E229B1FF88E487174338E27CB6FC69352D0
                                                SHA-256:1371CEF302CFD811D98458BEF647F3E997931A8C4160E87E9B0C1CB471369C7B
                                                SHA-512:ABF856038A4D3DD9F2686564BC0FE3BBD789AA84F622C821448734EC64361052250E5669861043A0D855B0D83000D5D0D010FA8A3A7A30549677499ABFA52801
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_9508950c2b89b79b3f88.js
                                                Preview:...........]{w.6...?....[....7.......Ck).I..EB.c.`I.j....o....{{..%..`0...f.2....7......?..h.'..{u.......r.=<^..v....~....j.=r..i,.X.........6......8f3.O....3uy..~...l..@.........&.@..!.vY...S...............C...b.S..wc..1.b.R..:I.P^.hNL..rm.b>.|.Z.k.T...1.......c1P........a.....,1..C~.<h.iK6O./.....6KD?X^........0... .A.1..kBX.....*$.R..N."...s&1.3.r....h......##.M8."......?.f....9a...s../.w....nk{....G.........t.....I.u....=...y..9....,.7......9~...+K.[.~/..%H?......q|q.G........z.M.:....g.Pd+...?|2.h.L...^|...}...5....K.$$..q@.6._.$..m...c....5.._?l.].~.4.._....w..c...P..........G.w..A.W.Y.........1|..[.. S,.. Cd.[c.Y..##.g.y..K.vl...].>..d.Eg...GI...c..w.,#J...8..q....l.<.ADc...u..+..../d...I...Qh.F.......Qe.....~..}...O. .j.J..(....'Q.,/.....!WP6..+.....OX.6...[..$...-...S...9.[....(.8..g..A1..].KQx.....{3K.wN0....5.!......=..J..{B.....?...p..P0.G6`.4$o%..?).C*S..2.BF..&.y.7...p.\......u..sI..'.O.....[NNq....$.y.....G.V....6...B
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, baseline, precision 8, 1921x1080, components 3
                                                Category:downloaded
                                                Size (bytes):236176
                                                Entropy (8bit):7.976676300039493
                                                Encrypted:false
                                                SSDEEP:6144:FXVezE1Z6TEQbV0Dwa2v1GYmLKm68qmhhhK2WX4:FXVdUtbV08pvsYmWEqmhfK2+4
                                                MD5:1A8F3006501735AB31D72D2F8248572A
                                                SHA1:F030C3C9062E15F84D094021CCFDA0A0618768AE
                                                SHA-256:4398401858653F7533C75872F440C7D574062ACB315718C781D21F717E4F6DC4
                                                SHA-512:2227AE96D9766538DBBC8B1DD55062408303A28A9F5A9C010075C9CD280CE90B825560AF0EA9CBA7AE09E4CF43514557D14048EE3F8477758F91A65624F8F385
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638
                                                Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
                                                Category:downloaded
                                                Size (bytes):116362
                                                Entropy (8bit):7.997473195483862
                                                Encrypted:true
                                                SSDEEP:3072:b4AjEJ6y6ebFHqvxmN75LyWZh7nUOJc4TG91lJa5l+2EqFonU:0AgsnM79PZh7nuN1naTdFoU
                                                MD5:81C7B985343C317ADEEA2C28F5C6FF4D
                                                SHA1:7A04D6215D0B79EEDE6823C4B3621795AD552534
                                                SHA-256:6BDBA6F0D2271DD20E6E6AEA2B459A1A23050EDE1B3BBADE4C913A1716F6E491
                                                SHA-512:DDF40137ED7F870C5E7475685BA9006F9C99C7C0632A9E7738DCF9BD081C105ABA5B94B3302BBD26DFF413DC065FC442D3CDDA33684709D6185B409F08158085
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js
                                                Preview:...........k{.H.(.}.......c....8=.Ib......#Ca.....K..o..ZU%...q..9...ct).....S..*?U.6..rqyt~Y9}W..........Z.xzy..x.z.Q.w9......^...U.........<..G....=wZ.....Oxe.._.0.*S/..k>..*&T..*gn.?TN....6.....a0...I\......)....$......7.T>x.0..q\...{..H...|.....2..x"..\`IYkD..#*....FP....a.^.].'0h.&.....ie..|.*qPy....l<..S.y.E..>.....a...3..-vq:..P<..dE.....C.h.P..]..\5.......3.<N.^?T...:B#c....|...T.........(...Q.l7[...V.e.W.8.G.....O...0.m...f.F...7..h.......F..b...Yr.=...f.....?......S.}U..g.......t..../...G.......~.+...)y.X\...<.&.........`.v.....`^....c4c.Yh=.a.wB.m.......i..~v-..O..nY....A....5...v...t..FSw...Q/n...c.9Y{.-..>a..7h..o..ec...O...)~..8...j-M..nD....9......f5..'Q#...L.'......fZW."Q[.<.nx..O...LU.;..a.m..&.k.$...;.=L...yv....,.f<Hb{.w.@.8...8F.D.>.04.[K6v.i..2.#?..&.;-.].....1.X0w.H6mZ..A...t..e-.\...MC6.xt`..cu...@_...v....;z'.mV.T/o.i....-...K......\..Sn>B......%x..%......W.|......~.6.%...+.:..x5..s5P.-..!.G...ZT.i...;.&
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142588
                                                Category:downloaded
                                                Size (bytes):49982
                                                Entropy (8bit):7.995657643114965
                                                Encrypted:true
                                                SSDEEP:1536:Jxgptniucdklf46I3reB9kaGX2VDj/vlzQ4Orr:JehcdSPIbK9ggnnlzor
                                                MD5:47B6359A09BBEE6AA41B82E06C5A6105
                                                SHA1:7049BB7A20217A9153F9AED16A0A6B6DF27B1038
                                                SHA-256:EACBD5A1C958B4A2859D1D59FCDF028EDB6DD7567109218A83AA4E263A253A35
                                                SHA-512:16CAC5CD306721D5A117CA06CC42BBB38680697E811479F51C315A3967F5716ED9AC2A01A049BDBA027984312F268E2711E359936ED748394100A11953B231FC
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js
                                                Preview:...........m[.8.0........OL....;w.....6.ff.X.'V......4.r~........=........,..JU.......T~.l..?..E...r..r.....r.o....^.......(..q...?.......*aP......h.Fn".....|wR.G.C%...i.~..$.L.8.BC1..*U...*gn.<W...:./.6.....(.>..}R.......xT..^.XTf.'...?.....(..qR..H...x...OX.7..X$.q.%..ze....>._......{P.:....~.M...X&.&.u..ie..|.*IXy.g..Y....x{..;..U.M.f....f,.Gl.dR..<...bl{E|..@<y..En.(W...s."!.D.X.<AE....a....Y..'.t*&8.T.....".J.K......Rm5.;...F...$........Q......C.G_.s...../1.8b\....ZP9..\?P.:........)`_.... .......6..#lXU.s.\I....Q..*..Y..\5n,.~.7V.4..su........N\...._.7...........T.....)..L..S}.c_...\_......Y}:...._1-|p..l@..[q.......*....?&.0Z_.Aw:3.RsV...qR5..Bv./..7...b.G,..jt...HfQP..:.).a...&9s.N....d.=_,:...B..@...+{.Mx.8k.,m.Q.B.......j....}.2bdEkE.G.a..5...1....G ...T...~....uV6.....i.=...A*U.!.+."3c...D.&!*q.9L....8..&`>.....v....6aT\.U.S.q"+!.....Xi.@D2.....g..t\.nw.-..L..S.B@QZ.N>.\-...[...pD....sro//..H...i......}.U.....M.yJ........./.
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 281 x 60, 8-bit/color RGBA, non-interlaced
                                                Category:downloaded
                                                Size (bytes):2720
                                                Entropy (8bit):7.843230930170466
                                                Encrypted:false
                                                SSDEEP:48:198IUOPKKmFUdQzjZWjP/OkrwbCBW4HCSJUs2Ko5/MgoRQHtba49hv8Ka:198IUOBafwjOk8eBW4HCS2sTUMjQHd94
                                                MD5:B810A28B29F68A0CA077D31D0812B76D
                                                SHA1:7A95CC4A1E82A43AFC2109B46995C007261D1FEC
                                                SHA-256:7EE5EEEC7C7D52E159AE852844846F306D8D5E0252F56F4B48735F868ED9E564
                                                SHA-512:441E1A56668E0E9D06DE59DAFE408189783B5186AA7F59CAE016D5DBEE0E5A92CBEA60E34737CC5D6CDAAA8CC897691A84E915002120ABCBBA068D2A71E45FF5
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274
                                                Preview:.PNG........IHDR.......<.....R..&....pHYs...........~....RIDATx..]A..Y.=W...~..B7.Fd....B._..P.t...)W&.g%"...+a...W...B0...&...E..JD...q!8.....>/s.......D....{....;.s+.B...A...&... ...A$#.. ...A$#..HF..A$#..HF.... ..HF.... .".A.... .".A.... .".A.D2. .".A..l...W..~e$W......].. ..e.......D`.... .<..[f...}%-3......7Y7b.`*.........!.G.>afc..7..Y...O..K..BX......p..H.......|..N..............w.j....lfs3.5l.....9='..A.......T.........^..a......H.._......v2.QS9p.......$......MWo..^BXkaf..5..j..zjf..p...fV..:...@..!...<....J.6.nw.c.w..l..LD2.qh....a.#..\...>.~.A_`.......wNG.."...0t..A.lGh.\..W.?.X.8.zV..mn7..Y.=.6!......].<l.......f.S.......Fry7...x..?.P...........l.q....~r...m...........!d$.kn..{.A........B.B.G..!..!T..6p.8.p..a..H.t.,.:..HI....\....?..g....q.v@.......C.sN.C..S.......f......S...<<..6.,.:li.Q...E..:..$.k3..X.mj...e..2.G_.z..c[u.......Uhg...]..b..Q%.L...I.Zw..j.....=....m......t.H.l./..C....Iy.....v?........{...]..v....WZJ.I.q.....~.Uv.U
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, baseline, precision 8, 1921x1080, components 3
                                                Category:dropped
                                                Size (bytes):236176
                                                Entropy (8bit):7.976676300039493
                                                Encrypted:false
                                                SSDEEP:6144:FXVezE1Z6TEQbV0Dwa2v1GYmLKm68qmhhhK2WX4:FXVdUtbV08pvsYmWEqmhfK2+4
                                                MD5:1A8F3006501735AB31D72D2F8248572A
                                                SHA1:F030C3C9062E15F84D094021CCFDA0A0618768AE
                                                SHA-256:4398401858653F7533C75872F440C7D574062ACB315718C781D21F717E4F6DC4
                                                SHA-512:2227AE96D9766538DBBC8B1DD55062408303A28A9F5A9C010075C9CD280CE90B825560AF0EA9CBA7AE09E4CF43514557D14048EE3F8477758F91A65624F8F385
                                                Malicious:false
                                                Reputation:low
                                                Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:downloaded
                                                Size (bytes):100
                                                Entropy (8bit):5.32621000584615
                                                Encrypted:false
                                                SSDEEP:3:JrsczNDrhkI2yLrm0do+qBVcdtwyRKR:BVBeITm02+q6+
                                                MD5:9FBF053785C2798F4358FDE7854BA873
                                                SHA1:0ACEAB2137B525FD7AE3E26F8E0667C97FF10B54
                                                SHA-256:EEBD062BBFC45E917D0ADFCC7BC5E6404DF123B54BD2AAA066EABDA343B332C6
                                                SHA-512:9C49DEACB0E2B69FFC7FA2AE353AB7360356EAFA5CAA3C331E224DCB9B6D8ACF8BCC47CEF73759FDA8AEC8D6DF31EAE1D46D75FCECBEC294592ECE21F9F51FBE
                                                Malicious:false
                                                Reputation:low
                                                URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCYICaXLWAdtdEgUNT367vRIFDVd69_0hEtaOfRvJJkU=?alt=proto
                                                Preview:CkgKDQ1Pfru9GgQIVhgCIAEKNw1Xevf9GgQISxgCKioIClImChxAISMuKiQtXyslJj8vXj0pKCw6O348IidcXT5bEAEY/////w8=
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:GIF image data, version 89a, 352 x 3
                                                Category:dropped
                                                Size (bytes):3620
                                                Entropy (8bit):6.867828878374734
                                                Encrypted:false
                                                SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                                MD5:B540A8E518037192E32C4FE58BF2DBAB
                                                SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                                SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                                SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 58644
                                                Category:downloaded
                                                Size (bytes):16624
                                                Entropy (8bit):7.988053289965094
                                                Encrypted:false
                                                SSDEEP:384:gWZV40GhomYB18u1JiDbaRVsa5j8Am0WZlQdLKYt1:gcK0gyB/8bCVJ6WvZt1
                                                MD5:FCA4A90FD7C2D439B087528EEE0F2782
                                                SHA1:7FB04ED94A94FF03E532A52B1387DC29DDAF439E
                                                SHA-256:FB8F15112AF581621E2B19B638B43B655703939AA86392F68F7540D38E2A060D
                                                SHA-512:6348C5A7D8238C6612732C9C2D5592D95E07E51CC4994AA36825B7E195F67ED993ABE92A99B105B63BE5FA6482F29244690D7B4B87BDAA18C173AC67AD8A2D24
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1d0daql8my9m71a_2aaxzg2.js
                                                Preview:...........}Ms#.......f....O..1..3.!....RH2....~......Q.x7...}..'.}..?e#...QU]....Vo.....].U............^..{..w!x..=z....{..._..%.i..q........j<.w...7..."pgbV.C..kYU`..X....'t....<p........x...!..4mx..Q,:.....?&.p.....Q/.............=.m.Q.z.M...=..3'...."....L...{".?..k..../.E8...T.,FqXt.6.].tu6.....w.W..7i..s.Z,&c.)n.[.pcQp...4..`....4X.q..^...E.M.p|qoBh..B+..<q..Pgb.j....\.!...q..Q.k....>.}z'`~....E<.{.B4..w..x~...F.-.........>T..b.,...S.O.z...<.......=.N..S.GB.......m......J.\9........W.2.A)h.V..:t..t.O.J.).CO......K.w&..4?.d..r..4.7.8(L. ..-......:.J.y....%n..<..n....-....Oo_>a....-.i.............{O...1.M....V>..=N..(.4.K.t../.1....\F..`._Bz......u..[,...].3.0.3.....L|..*.a!.!.t.....[x..Xv:.QTp....ZE.u.`...s..o\.....)..a0..5....oN..{h..l)..QL.d.X.E.]...%$.H.|...wWo..........BwPpg...W/|..\X..F.[5.e.[ .o........S.3/..3@n.......=P A.B6...{{.g.=...L...tl.rJ..X.J,...;.}7..O/......Z........)...,`l...7 ...C....QQ.3(..{...Z2...qs....x.....
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                Category:downloaded
                                                Size (bytes):17174
                                                Entropy (8bit):2.9129715116732746
                                                Encrypted:false
                                                SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                                MD5:12E3DAC858061D088023B2BD48E2FA96
                                                SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                                Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:GIF image data, version 89a, 352 x 3
                                                Category:dropped
                                                Size (bytes):2672
                                                Entropy (8bit):6.640973516071413
                                                Encrypted:false
                                                SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                                MD5:166DE53471265253AB3A456DEFE6DA23
                                                SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                                SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                                SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                                Malicious:false
                                                Reputation:low
                                                Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 281 x 60, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):2720
                                                Entropy (8bit):7.843230930170466
                                                Encrypted:false
                                                SSDEEP:48:198IUOPKKmFUdQzjZWjP/OkrwbCBW4HCSJUs2Ko5/MgoRQHtba49hv8Ka:198IUOBafwjOk8eBW4HCS2sTUMjQHd94
                                                MD5:B810A28B29F68A0CA077D31D0812B76D
                                                SHA1:7A95CC4A1E82A43AFC2109B46995C007261D1FEC
                                                SHA-256:7EE5EEEC7C7D52E159AE852844846F306D8D5E0252F56F4B48735F868ED9E564
                                                SHA-512:441E1A56668E0E9D06DE59DAFE408189783B5186AA7F59CAE016D5DBEE0E5A92CBEA60E34737CC5D6CDAAA8CC897691A84E915002120ABCBBA068D2A71E45FF5
                                                Malicious:false
                                                Reputation:low
                                                Preview:.PNG........IHDR.......<.....R..&....pHYs...........~....RIDATx..]A..Y.=W...~..B7.Fd....B._..P.t...)W&.g%"...+a...W...B0...&...E..JD...q!8.....>/s.......D....{....;.s+.B...A...&... ...A$#.. ...A$#..HF..A$#..HF.... ..HF.... .".A.... .".A.... .".A.D2. .".A..l...W..~e$W......].. ..e.......D`.... .<..[f...}%-3......7Y7b.`*.........!.G.>afc..7..Y...O..K..BX......p..H.......|..N..............w.j....lfs3.5l.....9='..A.......T.........^..a......H.._......v2.QS9p.......$......MWo..^BXkaf..5..j..zjf..p...fV..:...@..!...<....J.6.nw.c.w..l..LD2.qh....a.#..\...>.~.A_`.......wNG.."...0t..A.lGh.\..W.?.X.8.zV..mn7..Y.=.6!......].<l.......f.S.......Fry7...x..?.P...........l.q....~r...m...........!d$.kn..{.A........B.B.G..!..!T..6p.8.p..a..H.t.,.:..HI....\....?..g....q.v@.......C.sN.C..S.......f......S...<<..6.,.:li.Q...E..:..$.k3..X.mj...e..2.G_.z..c[u.......Uhg...]..b..Q%.L...I.Zw..j.....=....m......t.H.l./..C....Iy.....v?........{...]..v....WZJ.I.q.....~.Uv.U
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424
                                                Category:downloaded
                                                Size (bytes):20410
                                                Entropy (8bit):7.980582012022051
                                                Encrypted:false
                                                SSDEEP:384:8RvmaMFysnOXZ2m9zM+udO6GGUpeAU02oDGnN5EsQwWUQGTS8r2k:8pmm7ZFM+ObGGUIjN5PJV3Tp
                                                MD5:3BA4D76A17ADD0A6C34EE696F28C8541
                                                SHA1:5E8A4B8334539A7EAB798A7799F6E232016CB263
                                                SHA-256:17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
                                                SHA-512:8DA16A9759BB68A6B408F9F274B882ABB3EE7BA19F888448E495B721094BDB2CE5664E9A26BAE306A00491235EB94C143E53F618CCD6D50307C3C7F2EF1B4455
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                                                Preview:...........}k..6..w...R..J.H=GSI..x.9...}T*.....)Q..f<...~.F.h..x..{+.-.....h..n....</v.ev......W.,.bU..rW.I...0x...C..2...6]..W_......../x.........~.z.}.|.#x......Ag*O.|XgU...4 .^'U...mP.A.].Z.U.!..Y.......:.ve.?.!..d.N...xJ...mR......0.@p...lKr/...E.-. .....|l.4.o.i.......L.iF..T{.n....2....VEY.y=..=..T+V./.b....\....7.sH.w{.h.....!.."F.k.!.......d...mS.rh.&G.../..h&..RE"!.A/.......A....L...8.q.M...t[...R...>.6;R..^.Vu..9.[F........>A.:HT}w]......2........p......'T.^]}.^..yJ>.<..pq..h.|..j....j.x..-...c...f...=".)..U.X'.M..l.]ZVtl\.I..}.0.~B0Y'.N...E.4.Xd..e...a.........."..9+d.&..l.$E..R.u.g.Q..w&...~I. .y..D.4;..'.."-.....b...)k.n.M...,3J.z_..&2f.h;.&.R.y..P..X.....\P....*.r...B.$........<....H5.M.."'#.6mQl..mQ5.=.\...O.....^..jM..u*.F..Oh.lNI..j..T..u...I..._........{.\...{..._|..={O..z..>......x..5Q.D7?{...^...^.......o.=.z......v......z.C...Gtw...0!..M@....^...^.x..G....W...{...)..y.<c3...^>{......7._..'d__...;R.
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:GIF image data, version 89a, 352 x 3
                                                Category:downloaded
                                                Size (bytes):2672
                                                Entropy (8bit):6.640973516071413
                                                Encrypted:false
                                                SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                                MD5:166DE53471265253AB3A456DEFE6DA23
                                                SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                                SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                                SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                                                Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:GIF image data, version 89a, 352 x 3
                                                Category:downloaded
                                                Size (bytes):3620
                                                Entropy (8bit):6.867828878374734
                                                Encrypted:false
                                                SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                                MD5:B540A8E518037192E32C4FE58BF2DBAB
                                                SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                                SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                                SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                                Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                                                Category:downloaded
                                                Size (bytes):2889
                                                Entropy (8bit):7.904874943552236
                                                Encrypted:false
                                                SSDEEP:48:fpnlGwJJN9lgXhFZC0eenZSLiQtfg3+b075d3Yyq+zxLlcg1SMY8svVE1J:fNl3JN96XngenZSLJkW0N9nJqg0n8sti
                                                MD5:423B37101C70C1863F8D997D646CC5EF
                                                SHA1:C6F3235346DB0F75EA08EB413BA26755B3A6FB93
                                                SHA-256:490105CDBED41DD1BC413FE802DB8E2018C3AAA1C39208F34ABC4AF37F4C2226
                                                SHA-512:7AFF47E0A89844675523EA55288FBE01AE268109D83E11BD32C7DC42CA0165787FE146D5938C2599B10E04435B8C3E53F1E1683E2B603B1E2A9E52D7CE4588F6
                                                Malicious:false
                                                Reputation:low
                                                URL:https://aadcdn.msauthimages.net/c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122
                                                Preview:.PNG........IHDR.......<............pHYs...........~.....IDATx..=oc.........(.F..X....mHW)R,...L5B..~A.?.B\.i..I..T.!.....$..+6D...T.q.DD....b0.w.#.........../.....s.)-..F.....hT..H.... R.{i....U...c.._.V.9f..1.N.m2h...s.v.7a..s.7.a.....47.=?.....c|...8..`.q.H<...|......f....[..a..-...>p|.1..[>..'l.5<?.Kc.j.)..b..R2...$&0....{3..D.'ng2hw.|Rx*..F.I....->q.G.D&....^~+'l....".H....a..Q...>i..A...I$aIc.......4.8z~....m/..BC....g..7j7..E._>5\.ig..5...bds.hjes.c<.....#n?N......7j.3L.cof...=..L.\1..ML....~m%}.B...Hd.8X....<f..k....nL.|....M....,.:..'..=....^..2m:N.=..A\.+........f.Id.XX......!..ukz..k...L.....5..L.S...$.......G.X..x~.m.....6d...K.1D.b2.5..c!.3|.;..J..[.^..d.n.....7.D#.c..Y...2l..........'....w..X.).D.F.c!..!6.Tj...2.@..T.lw....AX:.z.-xm:...iu....t5..t2h'f/.c&K.w.!l........^.*.n.\..P8..\...k..........g.....2.........F..!.1...K\8.[.1.C....&....W..Uq...G..^GE....."..........-E)0....\...E.Pd*?;.......,...<.(....G..>-d.T.[A|. .....4].,.E......^._9
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                Category:dropped
                                                Size (bytes):17174
                                                Entropy (8bit):2.9129715116732746
                                                Encrypted:false
                                                SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                                MD5:12E3DAC858061D088023B2BD48E2FA96
                                                SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                Malicious:false
                                                Reputation:low
                                                Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
                                                No static file info

                                                Download Network PCAP: filteredfull

                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                2025-04-02T12:51:20.460204+02002832046ETPRO PHISHING Successful Office 365 Phish 2018-08-011192.168.2.84974140.126.24.81443TCP
                                                2025-04-02T12:51:20.460204+02002832180ETPRO PHISHING Successful Microsoft Account Phish 2018-08-151192.168.2.84974140.126.24.81443TCP
                                                2025-04-02T12:51:20.460204+02002846045ETPRO PHISHING Successful Microsoft Account Phish 2020-12-151192.168.2.84974140.126.24.81443TCP
                                                2025-04-02T12:51:58.528489+02002832046ETPRO PHISHING Successful Office 365 Phish 2018-08-011192.168.2.84974040.126.24.81443TCP
                                                2025-04-02T12:51:58.528489+02002832180ETPRO PHISHING Successful Microsoft Account Phish 2018-08-151192.168.2.84974040.126.24.81443TCP
                                                2025-04-02T12:51:58.528489+02002846045ETPRO PHISHING Successful Microsoft Account Phish 2020-12-151192.168.2.84974040.126.24.81443TCP
                                                • Total Packets: 332
                                                • 443 (HTTPS)
                                                • 80 (HTTP)
                                                • 53 (DNS)
                                                TimestampSource PortDest PortSource IPDest IP
                                                Apr 2, 2025 12:50:36.302896023 CEST49675443192.168.2.82.23.227.215
                                                Apr 2, 2025 12:50:36.302896023 CEST49676443192.168.2.82.23.227.215
                                                Apr 2, 2025 12:50:36.303208113 CEST49674443192.168.2.82.23.227.208
                                                Apr 2, 2025 12:50:37.271708012 CEST49672443192.168.2.82.19.104.63
                                                Apr 2, 2025 12:50:37.271708965 CEST4967780192.168.2.823.60.201.147
                                                Apr 2, 2025 12:50:44.815318108 CEST49690443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:50:44.815368891 CEST44349690142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:50:44.815495968 CEST49690443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:50:44.815664053 CEST49690443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:50:44.815685987 CEST44349690142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:50:45.908531904 CEST49675443192.168.2.82.23.227.215
                                                Apr 2, 2025 12:50:45.908550978 CEST49674443192.168.2.82.23.227.208
                                                Apr 2, 2025 12:50:45.915853024 CEST49676443192.168.2.82.23.227.215
                                                Apr 2, 2025 12:50:45.924535990 CEST44349690142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:50:45.924627066 CEST49690443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:50:45.925787926 CEST49690443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:50:45.925798893 CEST44349690142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:50:45.926093102 CEST44349690142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:50:45.946244955 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:45.946284056 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:45.946374893 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:45.946595907 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:45.946607113 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:45.947192907 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:45.947200060 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:45.947288990 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:45.947633982 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:45.947647095 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:45.978708982 CEST49690443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:50:46.268393993 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.268624067 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.269655943 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.269675970 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.269916058 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.270281076 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.312277079 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.383873940 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.384048939 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.384774923 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.384782076 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.385024071 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.430125952 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.510405064 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.510505915 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.510518074 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.510574102 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.515119076 CEST49692443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:46.515136003 CEST4434969240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:46.881683111 CEST4967780192.168.2.823.60.201.147
                                                Apr 2, 2025 12:50:46.881684065 CEST49672443192.168.2.82.19.104.63
                                                Apr 2, 2025 12:50:54.105166912 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:54.105356932 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.110467911 CEST44349690142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:50:55.110548973 CEST44349690142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:50:55.110635042 CEST49690443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:50:55.519042969 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.519105911 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.519143105 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.519165993 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.519200087 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.519206047 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:55.519206047 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:55.519221067 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.519238949 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:55.519260883 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:55.519289017 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:55.568679094 CEST49690443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:50:55.568705082 CEST44349690142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:50:55.664362907 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.664556026 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:55.664572001 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.664599895 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:55.664650917 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:55.679738998 CEST49691443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:55.679768085 CEST4434969140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:56.575273037 CEST49702443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:56.575310946 CEST4434970240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:56.575401068 CEST49702443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:56.575694084 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:56.575721025 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:56.575778961 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:56.575825930 CEST49702443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:56.575834990 CEST4434970240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:56.575918913 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:56.575933933 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.011145115 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.062552929 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.213886976 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.213895082 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.214353085 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.214365005 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.409101963 CEST4434970240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.409398079 CEST49702443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.409420967 CEST4434970240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.409646988 CEST49702443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.409655094 CEST4434970240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.688551903 CEST4434970240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.688622952 CEST4434970240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.688694954 CEST49702443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.690841913 CEST49702443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.690854073 CEST4434970240.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.827819109 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:57.827864885 CEST4434970423.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:57.827969074 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:57.828191996 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:57.828207970 CEST4434970423.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:57.933684111 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.933747053 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.933758974 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.933782101 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.933800936 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.933813095 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.933823109 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.933856964 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.933861971 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.933897972 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.933921099 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.933980942 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.934031010 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.934063911 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.934068918 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:57.934111118 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:57.934129953 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:58.040466070 CEST4434970423.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:58.040527105 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.046020031 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.046034098 CEST4434970423.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:58.046248913 CEST4434970423.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:58.050971985 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.096272945 CEST4434970423.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:58.217596054 CEST4434970423.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:58.217900038 CEST4434970423.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:58.217977047 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.217977047 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.218005896 CEST49704443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.218852043 CEST49707443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.218888998 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:58.218955994 CEST49707443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.219155073 CEST49707443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:50:58.219172001 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:50:58.487644911 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:58.487663031 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:58.487690926 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:58.487729073 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:58.487744093 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:58.487785101 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:58.487804890 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:58.545164108 CEST4970880192.168.2.8142.251.35.163
                                                Apr 2, 2025 12:50:58.980405092 CEST8049708142.251.35.163192.168.2.8
                                                Apr 2, 2025 12:50:58.980604887 CEST4970880192.168.2.8142.251.35.163
                                                Apr 2, 2025 12:50:58.980839968 CEST4970880192.168.2.8142.251.35.163
                                                Apr 2, 2025 12:50:59.113784075 CEST8049708142.251.35.163192.168.2.8
                                                Apr 2, 2025 12:50:59.114953995 CEST8049708142.251.35.163192.168.2.8
                                                Apr 2, 2025 12:50:59.120886087 CEST4970880192.168.2.8142.251.35.163
                                                Apr 2, 2025 12:50:59.221821070 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:59.221879005 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:59.221920967 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:59.221959114 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:59.222114086 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:59.222146988 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:59.223332882 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:59.224494934 CEST49703443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:50:59.224519968 CEST4434970340.126.24.81192.168.2.8
                                                Apr 2, 2025 12:50:59.256283998 CEST8049708142.251.35.163192.168.2.8
                                                Apr 2, 2025 12:50:59.306917906 CEST4970880192.168.2.8142.251.35.163
                                                Apr 2, 2025 12:51:02.640769005 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:51:02.641052008 CEST49707443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:51:02.641099930 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:51:02.641186953 CEST49707443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:51:02.641196012 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:51:02.641243935 CEST49707443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:51:02.641251087 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:51:02.911571026 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:51:02.911658049 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:51:02.911760092 CEST49707443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:51:02.912322044 CEST49707443192.168.2.823.55.235.240
                                                Apr 2, 2025 12:51:02.912344933 CEST4434970723.55.235.240192.168.2.8
                                                Apr 2, 2025 12:51:05.149852991 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.149949074 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.150027990 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.150094986 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.150115967 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.150182009 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.150798082 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.150831938 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.150971889 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.150995970 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.297930956 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:05.297988892 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:05.298096895 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:05.298410892 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:05.298434019 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:05.351699114 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.351803064 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.352772951 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.352802038 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.353138924 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.354330063 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.396276951 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.399912119 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.400027037 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.400497913 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.400506973 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.400823116 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.401103020 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.448273897 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.536556005 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.536581993 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.536597967 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.536659002 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.536698103 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.536715984 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.536763906 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.659347057 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.659368992 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.659499884 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.659521103 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.659538984 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.659569979 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.661338091 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.661365986 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.661410093 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.661417961 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.661529064 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.661581039 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.662156105 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.662205935 CEST4434972323.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.662257910 CEST49723443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.689116955 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.689138889 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.689383030 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.689449072 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.689521074 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.756201029 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.756294012 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.756361008 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.756371975 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.756412029 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.778465033 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.778481960 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.778592110 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.778601885 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.800667048 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.800683975 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.800774097 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.800792933 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.800822020 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.802723885 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.802763939 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.802841902 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.802983046 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.802994013 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.813715935 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.813821077 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.813836098 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.835269928 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.835294008 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.835375071 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.835393906 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.835541010 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.847404957 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.847470045 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.847484112 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.860284090 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.860300064 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.860378027 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.860388041 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.877239943 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.877257109 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.877305031 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.877312899 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.877362013 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.881860018 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.881944895 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.895030022 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.895045996 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.895114899 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.895131111 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.895157099 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.901983976 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.902061939 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.902076006 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.913239956 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.913261890 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.913335085 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.913357019 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.913386106 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.928320885 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.928334951 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.928396940 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.928411961 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.934725046 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.934787989 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.934802055 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.936436892 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.936507940 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.936526060 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.936553001 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.936896086 CEST49724443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.936928034 CEST4434972423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.940141916 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.940191984 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:05.940273046 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.940424919 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:05.940438986 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.124778986 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:06.124871016 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:06.125941038 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:06.125956059 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:06.126193047 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:06.126461029 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:06.172278881 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:06.185172081 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.185275078 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.185734034 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.185748100 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.185991049 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.186233044 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.228317976 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.343429089 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.343539953 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.343976021 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.343982935 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.344314098 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.344547033 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.378528118 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:06.378612995 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:06.378638029 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:06.378663063 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:06.392263889 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.410228968 CEST49725443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:06.410255909 CEST4434972540.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:06.415020943 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:06.415054083 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:06.415122986 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:06.415326118 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:06.415338039 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:06.441065073 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.441083908 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.441143990 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.441170931 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.441875935 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.441899061 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.441910982 CEST4434972723.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.441925049 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.441956997 CEST49727443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.879519939 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.879545927 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.879589081 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.879647970 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.879667044 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.879704952 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.879709959 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.879740000 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.879754066 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.879782915 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.879787922 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.879854918 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.969898939 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.969938040 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.970066071 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.970082045 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.970129013 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.993623972 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.993680000 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.993757963 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:06.993767977 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:06.993827105 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.025958061 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.025983095 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.026112080 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.026119947 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.066351891 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.097141027 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.097177029 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.097240925 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.097251892 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.097291946 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.097301960 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.119985104 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.120100975 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.151088953 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.151114941 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.151179075 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.151185989 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.151215076 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.151236057 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.163950920 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.164031982 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320173025 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320213079 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320287943 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320310116 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320326090 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320353985 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320379019 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320386887 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320405006 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320451021 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320486069 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320549965 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320585966 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320609093 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320647955 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320652962 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320673943 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320688963 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320727110 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320780993 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320811033 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320828915 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320862055 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320866108 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320883989 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320902109 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.320931911 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320952892 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.320995092 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.321008921 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.321016073 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.321057081 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.321079016 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.321130037 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.321136951 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.321192026 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.321232080 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.354816914 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.366121054 CEST49726443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.366137028 CEST4434972623.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.528493881 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:07.529901028 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:07.529918909 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:07.530317068 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:07.530339003 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:07.530419111 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:07.530422926 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:07.717279911 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.717323065 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.717381001 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.717538118 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.717551947 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.903589010 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:07.903692961 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:07.903717041 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:07.903848886 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:07.904241085 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:07.910145998 CEST49728443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:07.910171032 CEST4434972840.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:07.986687899 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.986758947 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.987273932 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:07.987279892 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.987514019 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:07.988106012 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.032264948 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.532514095 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:08.532572031 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:08.532635927 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:08.533380032 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:08.533395052 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:08.545753956 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.545772076 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.545788050 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.545818090 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.545830965 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.545844078 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.545865059 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.545897961 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.546679974 CEST49730443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.546688080 CEST4434973023.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.593233109 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.593276978 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.593504906 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.593900919 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.593918085 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.861291885 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.861663103 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.861687899 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.861834049 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:08.861846924 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:08.992157936 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:08.992234945 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:08.993514061 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:08.993529081 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:08.993850946 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:08.994143009 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:08.994174957 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:09.123876095 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:09.123895884 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:09.123950005 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:09.123955011 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:09.124177933 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:09.124226093 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:09.125058889 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:09.125072956 CEST4434973423.209.72.9192.168.2.8
                                                Apr 2, 2025 12:51:09.125085115 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:09.125128031 CEST49734443192.168.2.823.209.72.9
                                                Apr 2, 2025 12:51:09.974081993 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:09.974217892 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:09.974234104 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:09.974289894 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:09.975198984 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:10.305938959 CEST49732443192.168.2.840.126.24.146
                                                Apr 2, 2025 12:51:10.305960894 CEST4434973240.126.24.146192.168.2.8
                                                Apr 2, 2025 12:51:13.944386959 CEST49671443192.168.2.8204.79.197.203
                                                Apr 2, 2025 12:51:14.256407976 CEST49671443192.168.2.8204.79.197.203
                                                Apr 2, 2025 12:51:14.866266966 CEST49671443192.168.2.8204.79.197.203
                                                Apr 2, 2025 12:51:16.068990946 CEST49671443192.168.2.8204.79.197.203
                                                Apr 2, 2025 12:51:18.475284100 CEST49671443192.168.2.8204.79.197.203
                                                Apr 2, 2025 12:51:19.316569090 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.316606045 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.316705942 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.317013025 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.317044973 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.317156076 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.317218065 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.317234993 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.317316055 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.317331076 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.627551079 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.627885103 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.627907991 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.628159046 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.628175020 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.628192902 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.628200054 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.726190090 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:19.728657961 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:19.728688955 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.460190058 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.460216999 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.460246086 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.460285902 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.460300922 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.460325956 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.460335970 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.460345984 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.460359097 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.460364103 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.460582018 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.561072111 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.561098099 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.561157942 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.561172009 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.561184883 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.561219931 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.561288118 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.561340094 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.561343908 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.561364889 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.561404943 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.561412096 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.561428070 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:20.561475992 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.603518009 CEST49741443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:20.603554964 CEST4434974140.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:22.078898907 CEST49678443192.168.2.820.42.65.90
                                                Apr 2, 2025 12:51:22.382499933 CEST49678443192.168.2.820.42.65.90
                                                Apr 2, 2025 12:51:22.991380930 CEST49678443192.168.2.820.42.65.90
                                                Apr 2, 2025 12:51:23.287869930 CEST49671443192.168.2.8204.79.197.203
                                                Apr 2, 2025 12:51:24.214977026 CEST49678443192.168.2.820.42.65.90
                                                Apr 2, 2025 12:51:26.710628033 CEST49678443192.168.2.820.42.65.90
                                                Apr 2, 2025 12:51:31.525172949 CEST49678443192.168.2.820.42.65.90
                                                Apr 2, 2025 12:51:32.897969007 CEST49671443192.168.2.8204.79.197.203
                                                Apr 2, 2025 12:51:41.131953955 CEST49678443192.168.2.820.42.65.90
                                                Apr 2, 2025 12:51:44.742897034 CEST49752443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:51:44.742934942 CEST44349752142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:51:44.743016005 CEST49752443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:51:44.743248940 CEST49752443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:51:44.743257999 CEST44349752142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:51:45.313474894 CEST44349752142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:51:45.314297915 CEST49752443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:51:45.314311028 CEST44349752142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:51:55.323489904 CEST44349752142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:51:55.323558092 CEST44349752142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:51:55.323648930 CEST49752443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:51:56.766199112 CEST49752443192.168.2.8142.250.64.100
                                                Apr 2, 2025 12:51:56.766242027 CEST44349752142.250.64.100192.168.2.8
                                                Apr 2, 2025 12:51:57.278598070 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:57.278629065 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:57.278830051 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:57.278837919 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:57.375067949 CEST49757443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:57.375121117 CEST4434975713.107.246.72192.168.2.8
                                                Apr 2, 2025 12:51:57.375236988 CEST49757443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:57.375577927 CEST49757443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:57.375593901 CEST4434975713.107.246.72192.168.2.8
                                                Apr 2, 2025 12:51:57.390603065 CEST49758443192.168.2.840.126.24.149
                                                Apr 2, 2025 12:51:57.390649080 CEST4434975840.126.24.149192.168.2.8
                                                Apr 2, 2025 12:51:57.390768051 CEST49758443192.168.2.840.126.24.149
                                                Apr 2, 2025 12:51:57.390919924 CEST49758443192.168.2.840.126.24.149
                                                Apr 2, 2025 12:51:57.390930891 CEST4434975840.126.24.149192.168.2.8
                                                Apr 2, 2025 12:51:57.723473072 CEST4434975713.107.246.72192.168.2.8
                                                Apr 2, 2025 12:51:57.723932028 CEST49757443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:57.723951101 CEST4434975713.107.246.72192.168.2.8
                                                Apr 2, 2025 12:51:58.132530928 CEST4434975840.126.24.149192.168.2.8
                                                Apr 2, 2025 12:51:58.136115074 CEST49758443192.168.2.840.126.24.149
                                                Apr 2, 2025 12:51:58.136138916 CEST4434975840.126.24.149192.168.2.8
                                                Apr 2, 2025 12:51:58.528628111 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.528676033 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.528695107 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.528772116 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.528814077 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.528842926 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.528851032 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.528881073 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.528938055 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.543901920 CEST49760443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:58.543926954 CEST4434976013.107.246.72192.168.2.8
                                                Apr 2, 2025 12:51:58.543984890 CEST49760443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:58.545286894 CEST49760443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:58.545305014 CEST4434976013.107.246.72192.168.2.8
                                                Apr 2, 2025 12:51:58.630280018 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.630310059 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.630407095 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.630417109 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.630456924 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.630485058 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.630512953 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.630520105 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.630536079 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.630570889 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.630605936 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.630831003 CEST49740443192.168.2.840.126.24.81
                                                Apr 2, 2025 12:51:58.630846024 CEST4434974040.126.24.81192.168.2.8
                                                Apr 2, 2025 12:51:58.942158937 CEST4434976013.107.246.72192.168.2.8
                                                Apr 2, 2025 12:51:58.981463909 CEST49760443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:58.987965107 CEST49760443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:51:58.987979889 CEST4434976013.107.246.72192.168.2.8
                                                Apr 2, 2025 12:51:59.801130056 CEST4970880192.168.2.8142.251.35.163
                                                Apr 2, 2025 12:51:59.905141115 CEST8049708142.251.35.163192.168.2.8
                                                Apr 2, 2025 12:51:59.905214071 CEST4970880192.168.2.8142.251.35.163
                                                Apr 2, 2025 12:52:02.582309008 CEST4434975713.107.246.72192.168.2.8
                                                Apr 2, 2025 12:52:02.582478046 CEST4434975713.107.246.72192.168.2.8
                                                Apr 2, 2025 12:52:02.582541943 CEST49757443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:52:02.634067059 CEST49757443192.168.2.813.107.246.72
                                                Apr 2, 2025 12:52:02.634088039 CEST4434975713.107.246.72192.168.2.8
                                                Apr 2, 2025 12:52:03.770490885 CEST4434976013.107.246.72192.168.2.8
                                                Apr 2, 2025 12:52:03.770652056 CEST4434976013.107.246.72192.168.2.8
                                                Apr 2, 2025 12:52:03.770731926 CEST49760443192.168.2.813.107.246.72
                                                TimestampSource PortDest PortSource IPDest IP
                                                Apr 2, 2025 12:50:40.481156111 CEST53623161.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:40.481584072 CEST53612581.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:41.317888021 CEST53499991.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:41.608186007 CEST53647891.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:44.679709911 CEST5658153192.168.2.81.1.1.1
                                                Apr 2, 2025 12:50:44.680089951 CEST6490753192.168.2.81.1.1.1
                                                Apr 2, 2025 12:50:44.809525967 CEST53649071.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:44.814233065 CEST53565811.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:45.802884102 CEST4938653192.168.2.81.1.1.1
                                                Apr 2, 2025 12:50:45.803167105 CEST5987853192.168.2.81.1.1.1
                                                Apr 2, 2025 12:50:45.943986893 CEST53493861.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:45.944093943 CEST53598781.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:57.690160990 CEST4929753192.168.2.81.1.1.1
                                                Apr 2, 2025 12:50:57.690315962 CEST5173253192.168.2.81.1.1.1
                                                Apr 2, 2025 12:50:57.800095081 CEST53492971.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:57.827167988 CEST53517321.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:57.944629908 CEST5971853192.168.2.81.1.1.1
                                                Apr 2, 2025 12:50:57.946120977 CEST5007053192.168.2.81.1.1.1
                                                Apr 2, 2025 12:50:58.061444044 CEST53500701.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:58.069864988 CEST53597181.1.1.1192.168.2.8
                                                Apr 2, 2025 12:50:59.510885954 CEST53568741.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:05.017302990 CEST5605653192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:05.018796921 CEST6536753192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:05.117275000 CEST53653671.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:05.117373943 CEST53560561.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:05.156399965 CEST5277553192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:05.156564951 CEST5951453192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:05.295547009 CEST53527751.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:05.297024012 CEST53595141.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:05.668809891 CEST5087853192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:05.668978930 CEST5154153192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:05.796857119 CEST53515411.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:05.802161932 CEST53508781.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:07.897480965 CEST53513301.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:08.392479897 CEST5977553192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:08.392699003 CEST5873453192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:08.503395081 CEST53597751.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:08.534841061 CEST53587341.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:17.560005903 CEST53605881.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:21.567827940 CEST53503671.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:21.723176003 CEST5077253192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:21.723337889 CEST5336353192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:21.861985922 CEST53507721.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:21.901071072 CEST53533631.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:40.145783901 CEST53612701.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:40.828469038 CEST53577061.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:43.820019960 CEST53568361.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:57.264386892 CEST6423153192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:57.264548063 CEST6482853192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:57.371220112 CEST53642311.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:57.389497995 CEST53648281.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:58.542973995 CEST6064453192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:58.543123960 CEST5793053192.168.2.81.1.1.1
                                                Apr 2, 2025 12:51:58.670893908 CEST53606441.1.1.1192.168.2.8
                                                Apr 2, 2025 12:51:58.673932076 CEST53579301.1.1.1192.168.2.8
                                                TimestampSource IPDest IPChecksumCodeType
                                                Apr 2, 2025 12:51:08.534926891 CEST192.168.2.81.1.1.1c29f(Port unreachable)Destination Unreachable
                                                Apr 2, 2025 12:51:21.901129007 CEST192.168.2.81.1.1.1c2c7(Port unreachable)Destination Unreachable
                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Apr 2, 2025 12:50:44.679709911 CEST192.168.2.81.1.1.10x2622Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:44.680089951 CEST192.168.2.81.1.1.10xdb72Standard query (0)www.google.com65IN (0x0001)false
                                                Apr 2, 2025 12:50:45.802884102 CEST192.168.2.81.1.1.10x185eStandard query (0)login.microsoftonline.comA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.803167105 CEST192.168.2.81.1.1.10xe655Standard query (0)login.microsoftonline.com65IN (0x0001)false
                                                Apr 2, 2025 12:50:57.690160990 CEST192.168.2.81.1.1.10xdd12Standard query (0)identity.nel.measure.office.netA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:57.690315962 CEST192.168.2.81.1.1.10x79dcStandard query (0)identity.nel.measure.office.net65IN (0x0001)false
                                                Apr 2, 2025 12:50:57.944629908 CEST192.168.2.81.1.1.10x1b64Standard query (0)aadcdn.msftauth.netA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:57.946120977 CEST192.168.2.81.1.1.10x9ae5Standard query (0)aadcdn.msftauth.net65IN (0x0001)false
                                                Apr 2, 2025 12:51:05.017302990 CEST192.168.2.81.1.1.10x3632Standard query (0)aadcdn.msauthimages.netA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.018796921 CEST192.168.2.81.1.1.10x3d2bStandard query (0)aadcdn.msauthimages.net65IN (0x0001)false
                                                Apr 2, 2025 12:51:05.156399965 CEST192.168.2.81.1.1.10x1be3Standard query (0)autologon.microsoftazuread-sso.comA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.156564951 CEST192.168.2.81.1.1.10x434cStandard query (0)autologon.microsoftazuread-sso.com65IN (0x0001)false
                                                Apr 2, 2025 12:51:05.668809891 CEST192.168.2.81.1.1.10x7bfaStandard query (0)aadcdn.msauthimages.netA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.668978930 CEST192.168.2.81.1.1.10xf0e1Standard query (0)aadcdn.msauthimages.net65IN (0x0001)false
                                                Apr 2, 2025 12:51:08.392479897 CEST192.168.2.81.1.1.10xa935Standard query (0)login.microsoftonline.comA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.392699003 CEST192.168.2.81.1.1.10x1255Standard query (0)login.microsoftonline.com65IN (0x0001)false
                                                Apr 2, 2025 12:51:21.723176003 CEST192.168.2.81.1.1.10x7b73Standard query (0)passwordreset.microsoftonline.comA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.723337889 CEST192.168.2.81.1.1.10xfa91Standard query (0)passwordreset.microsoftonline.com65IN (0x0001)false
                                                Apr 2, 2025 12:51:57.264386892 CEST192.168.2.81.1.1.10x6b9aStandard query (0)login.microsoftonline.comA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.264548063 CEST192.168.2.81.1.1.10xc37dStandard query (0)login.microsoftonline.com65IN (0x0001)false
                                                Apr 2, 2025 12:51:58.542973995 CEST192.168.2.81.1.1.10x9360Standard query (0)aadcdn.msftauth.netA (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.543123960 CEST192.168.2.81.1.1.10x10b3Standard query (0)aadcdn.msftauth.net65IN (0x0001)false
                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Apr 2, 2025 12:50:44.809525967 CEST1.1.1.1192.168.2.80xdb72No error (0)www.google.com65IN (0x0001)false
                                                Apr 2, 2025 12:50:44.814233065 CEST1.1.1.1192.168.2.80x2622No error (0)www.google.com142.250.64.100A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.81A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.149A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.147A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.82A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.146A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.148A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.152.20A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.943986893 CEST1.1.1.1192.168.2.80x185eNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.152.21A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.944093943 CEST1.1.1.1192.168.2.80xe655No error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.944093943 CEST1.1.1.1192.168.2.80xe655No error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:45.944093943 CEST1.1.1.1192.168.2.80xe655No error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.689438105 CEST1.1.1.1192.168.2.80xf30bNo error (0)na.privatelink.msidentity.comprdf.aadg.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.689438105 CEST1.1.1.1192.168.2.80xf30bNo error (0)prdf.aadg.msidentity.comwww.tm.f.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.732870102 CEST1.1.1.1192.168.2.80x37aeNo error (0)na.privatelink.msidentity.comprdf.aadg.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.732870102 CEST1.1.1.1192.168.2.80x37aeNo error (0)prdf.aadg.msidentity.comwww.tm.f.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.732870102 CEST1.1.1.1192.168.2.80x37aeNo error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.80A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.732870102 CEST1.1.1.1192.168.2.80x37aeNo error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.23A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.732870102 CEST1.1.1.1192.168.2.80x37aeNo error (0)www.tm.f.prd.aadg.trafficmanager.net40.126.24.145A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.732870102 CEST1.1.1.1192.168.2.80x37aeNo error (0)www.tm.f.prd.aadg.trafficmanager.net40.126.24.16A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:46.732870102 CEST1.1.1.1192.168.2.80x37aeNo error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.144A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:55.791737080 CEST1.1.1.1192.168.2.80x2953No error (0)shed.dual-low.s-part-0012.t-0009.t-msedge.nets-part-0012.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:55.791737080 CEST1.1.1.1192.168.2.80x2953No error (0)s-part-0012.t-0009.t-msedge.net13.107.246.40A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:57.800095081 CEST1.1.1.1192.168.2.80xdd12No error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:57.800095081 CEST1.1.1.1192.168.2.80xdd12No error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:57.800095081 CEST1.1.1.1192.168.2.80xdd12No error (0)a1894.dscb.akamai.net23.55.235.240A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:57.800095081 CEST1.1.1.1192.168.2.80xdd12No error (0)a1894.dscb.akamai.net23.55.235.168A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:57.827167988 CEST1.1.1.1192.168.2.80x79dcNo error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:57.827167988 CEST1.1.1.1192.168.2.80x79dcNo error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:58.061444044 CEST1.1.1.1192.168.2.80x9ae5No error (0)aadcdn.msftauth.netwww.tm.aadcdn.msftauth.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:58.061444044 CEST1.1.1.1192.168.2.80x9ae5No error (0)www.tm.aadcdn.msftauth.trafficmanager.netaadcdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:58.061444044 CEST1.1.1.1192.168.2.80x9ae5No error (0)aadcdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:58.069864988 CEST1.1.1.1192.168.2.80x1b64No error (0)aadcdn.msftauth.netwww.tm.aadcdn.msftauth.akadns.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:58.069864988 CEST1.1.1.1192.168.2.80x1b64No error (0)www.tm.aadcdn.msftauth.akadns.netaadcdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:58.069864988 CEST1.1.1.1192.168.2.80x1b64No error (0)aadcdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:50:58.069864988 CEST1.1.1.1192.168.2.80x1b64No error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:50:58.069864988 CEST1.1.1.1192.168.2.80x1b64No error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:03.055171013 CEST1.1.1.1192.168.2.80x28deNo error (0)shed.dual-low.s-part-0012.t-0009.t-msedge.nets-part-0012.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:03.055171013 CEST1.1.1.1192.168.2.80x28deNo error (0)s-part-0012.t-0009.t-msedge.net13.107.246.40A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.117275000 CEST1.1.1.1192.168.2.80x3d2bNo error (0)aadcdn.msauthimages.netwww.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.117275000 CEST1.1.1.1192.168.2.80x3d2bNo error (0)www.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netaadmsodsxstore01prod.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.117275000 CEST1.1.1.1192.168.2.80x3d2bNo error (0)aadmsodsxstore01prod.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.117373943 CEST1.1.1.1192.168.2.80x3632No error (0)aadcdn.msauthimages.netwww.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.117373943 CEST1.1.1.1192.168.2.80x3632No error (0)www.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netaadmsodsxstore01prod.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.117373943 CEST1.1.1.1192.168.2.80x3632No error (0)aadmsodsxstore01prod.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.117373943 CEST1.1.1.1192.168.2.80x3632No error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.117373943 CEST1.1.1.1192.168.2.80x3632No error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.295547009 CEST1.1.1.1192.168.2.80x1be3No error (0)autologon.microsoftazuread-sso.com40.126.24.146A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.295547009 CEST1.1.1.1192.168.2.80x1be3No error (0)autologon.microsoftazuread-sso.com40.126.24.83A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.295547009 CEST1.1.1.1192.168.2.80x1be3No error (0)autologon.microsoftazuread-sso.com20.190.152.19A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.295547009 CEST1.1.1.1192.168.2.80x1be3No error (0)autologon.microsoftazuread-sso.com40.126.24.148A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.295547009 CEST1.1.1.1192.168.2.80x1be3No error (0)autologon.microsoftazuread-sso.com20.190.152.22A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.295547009 CEST1.1.1.1192.168.2.80x1be3No error (0)autologon.microsoftazuread-sso.com40.126.24.84A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.295547009 CEST1.1.1.1192.168.2.80x1be3No error (0)autologon.microsoftazuread-sso.com40.126.24.82A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.295547009 CEST1.1.1.1192.168.2.80x1be3No error (0)autologon.microsoftazuread-sso.com20.190.152.21A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.796857119 CEST1.1.1.1192.168.2.80xf0e1No error (0)aadcdn.msauthimages.netwww.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.796857119 CEST1.1.1.1192.168.2.80xf0e1No error (0)www.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netaadmsodsxstore01prod.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.796857119 CEST1.1.1.1192.168.2.80xf0e1No error (0)aadmsodsxstore01prod.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.802161932 CEST1.1.1.1192.168.2.80x7bfaNo error (0)aadcdn.msauthimages.netwww.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.802161932 CEST1.1.1.1192.168.2.80x7bfaNo error (0)www.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netaadmsodsxstore01prod.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.802161932 CEST1.1.1.1192.168.2.80x7bfaNo error (0)aadmsodsxstore01prod.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.802161932 CEST1.1.1.1192.168.2.80x7bfaNo error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:05.802161932 CEST1.1.1.1192.168.2.80x7bfaNo error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.146A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.149A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.148A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.152.20A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.84A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.83A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.152.21A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.503395081 CEST1.1.1.1192.168.2.80xa935No error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.147A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.534841061 CEST1.1.1.1192.168.2.80x1255No error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.534841061 CEST1.1.1.1192.168.2.80x1255No error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:08.534841061 CEST1.1.1.1192.168.2.80x1255No error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)passwordreset.microsoftonline.compasswordreset.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)passwordreset.mso.msidentity.comna.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)na.privatelink.msidentity.comprdf.aadg.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)prdf.aadg.msidentity.comwww.tm.f.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)www.tm.f.prd.aadg.trafficmanager.net40.126.35.132A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.163.23A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.163.128A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)www.tm.f.prd.aadg.trafficmanager.net40.126.35.131A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.861985922 CEST1.1.1.1192.168.2.80x7b73No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.163.0A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.901071072 CEST1.1.1.1192.168.2.80xfa91No error (0)passwordreset.microsoftonline.compasswordreset.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.901071072 CEST1.1.1.1192.168.2.80xfa91No error (0)passwordreset.mso.msidentity.comna.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.901071072 CEST1.1.1.1192.168.2.80xfa91No error (0)na.privatelink.msidentity.comprdf.aadg.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:21.901071072 CEST1.1.1.1192.168.2.80xfa91No error (0)prdf.aadg.msidentity.comwww.tm.f.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.361855030 CEST1.1.1.1192.168.2.80x8a97No error (0)shed.dual-low.s-part-0044.t-0009.t-msedge.nets-part-0044.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.361855030 CEST1.1.1.1192.168.2.80x8a97No error (0)s-part-0044.t-0009.t-msedge.net13.107.246.72A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.149A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.152.20A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.83A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.148A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.147A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.152.19A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.152.22A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.371220112 CEST1.1.1.1192.168.2.80x6b9aNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.24.81A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.389497995 CEST1.1.1.1192.168.2.80xc37dNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.389497995 CEST1.1.1.1192.168.2.80xc37dNo error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:57.389497995 CEST1.1.1.1192.168.2.80xc37dNo error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.670893908 CEST1.1.1.1192.168.2.80x9360No error (0)aadcdn.msftauth.netwww.tm.aadcdn.msftauth.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.670893908 CEST1.1.1.1192.168.2.80x9360No error (0)www.tm.aadcdn.msftauth.trafficmanager.netaadcdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.670893908 CEST1.1.1.1192.168.2.80x9360No error (0)aadcdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.670893908 CEST1.1.1.1192.168.2.80x9360No error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.670893908 CEST1.1.1.1192.168.2.80x9360No error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.673932076 CEST1.1.1.1192.168.2.80x10b3No error (0)aadcdn.msftauth.netwww.tm.aadcdn.msftauth.akadns.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.673932076 CEST1.1.1.1192.168.2.80x10b3No error (0)www.tm.aadcdn.msftauth.akadns.netaadcdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Apr 2, 2025 12:51:58.673932076 CEST1.1.1.1192.168.2.80x10b3No error (0)aadcdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                • login.microsoftonline.com
                                                  • aadcdn.msauthimages.net
                                                  • autologon.microsoftazuread-sso.com
                                                • identity.nel.measure.office.net
                                                • c.pki.goog
                                                Session IDSource IPSource PortDestination IPDestination Port
                                                0192.168.2.849708142.251.35.16380
                                                TimestampBytes transferredDirectionData
                                                Apr 2, 2025 12:50:58.980839968 CEST202OUTGET /r/gsr1.crl HTTP/1.1
                                                Cache-Control: max-age = 3000
                                                Connection: Keep-Alive
                                                Accept: */*
                                                If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                                                User-Agent: Microsoft-CryptoAPI/10.0
                                                Host: c.pki.goog
                                                Apr 2, 2025 12:50:59.114953995 CEST223INHTTP/1.1 304 Not Modified
                                                Date: Wed, 02 Apr 2025 10:32:01 GMT
                                                Expires: Wed, 02 Apr 2025 11:22:01 GMT
                                                Age: 1138
                                                Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                                                Cache-Control: public, max-age=3000
                                                Vary: Accept-Encoding
                                                Apr 2, 2025 12:50:59.120886087 CEST200OUTGET /r/r4.crl HTTP/1.1
                                                Cache-Control: max-age = 3000
                                                Connection: Keep-Alive
                                                Accept: */*
                                                If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                                User-Agent: Microsoft-CryptoAPI/10.0
                                                Host: c.pki.goog
                                                Apr 2, 2025 12:50:59.256283998 CEST223INHTTP/1.1 304 Not Modified
                                                Date: Wed, 02 Apr 2025 10:32:01 GMT
                                                Expires: Wed, 02 Apr 2025 11:22:01 GMT
                                                Age: 1138
                                                Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                                Cache-Control: public, max-age=3000
                                                Vary: Accept-Encoding


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.84969240.126.24.814435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:50:46 UTC904OUTGET /redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0 HTTP/1.1
                                                Host: login.microsoftonline.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:50:46 UTC2221INHTTP/1.1 302 Found
                                                Cache-Control: no-store, no-cache
                                                Pragma: no-cache
                                                Content-Type: text/html; charset=utf-8
                                                Expires: -1
                                                Location: https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&ticket=lLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d&ver=2.0#
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                X-Content-Type-Options: nosniff
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                x-ms-request-id: 8765b11a-7a32-48de-9c65-e2a59f5a0100
                                                x-ms-ests-server: 2.1.20393.4 - SCUS ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                x-ms-srs: 1.P
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-xyMwOfX-PR6SXGFOS8t3NQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                Set-Cookie: rrc=1; expires=Wed, 02-Apr-2025 11:00:46 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P4; expires=Fri, 02-May-2025 10:50:46 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
                                                Date: Wed, 02 Apr 2025 10:50:45 GMT
                                                Connection: close
                                                Content-Length: 321
                                                2025-04-02 10:50:46 UTC321INData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 6e 76 69 74 61 74 69 6f 6e 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 72 65 64 65 65 6d 2f 3f 74 65 6e 61 6e 74 3d 39 39 64 32 30 64 32 64 2d 38 39 32 33 2d 34 35 64 38 2d 62 39 61 64 2d 35 30 33 38 63 39 37 35 38 32 65 33 26 61 6d 70 3b 75 73 65 72 3d 31 65 31 61 61 64 61 63 2d 66 65 34 38 2d 34 33 63 63 2d 38 30 32 32 2d 65 32 66 39 62 62 64 39 32 65 33 33 26 61 6d 70 3b 74 69 63 6b 65 74 3d 6c 4c 56 6a 31 6c 4b 54 78 43 44 47 74 31 63 71 6b 43 51 58 79 74 69 4d 71 77 34 77 76
                                                Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&amp;user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&amp;ticket=lLVj1lKTxCDGt1cqkCQXytiMqw4wv


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                1192.168.2.84969140.126.24.814435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:50:54 UTC2345OUTGET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR [TRUNCATED]
                                                Host: login.microsoftonline.com
                                                Connection: keep-alive
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
                                                2025-04-02 10:50:55 UTC1855INHTTP/1.1 200 OK
                                                Cache-Control: no-store, no-cache
                                                Pragma: no-cache
                                                Content-Type: text/html; charset=utf-8
                                                Expires: -1
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                X-Content-Type-Options: nosniff
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                x-ms-request-id: f34cd41b-0c05-4521-8000-ded0272d3600
                                                x-ms-ests-server: 2.1.20393.4 - FRC ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                x-ms-clitelem: 1,50168,0,,
                                                x-ms-srs: 1.P
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-7K_h3Mt_HD1wgzT77VDr8g' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                Set-Cookie: esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P4; expires=Fri, 02-May-2025 10:50:54 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Date: Wed, 02 Apr 2025 10:50:53 GMT
                                                Connection: close
                                                Content-Length: 22033
                                                2025-04-02 10:50:55 UTC14529INData Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e
                                                Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head> <title>Redirecting</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" conten
                                                2025-04-02 10:50:55 UTC7504INData Raw: 72 20 64 2c 6c 2c 66 3d 77 69 6e 64 6f 77 2c 67 3d 66 2e 64 6f 63 75 6d 65 6e 74 2c 76 3d 22 2e 63 73 73 22 3b 63 2e 4f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 20 74 61 72 67 65 74 20 65 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69 64 65 64 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 6e 75 6c 6c 2e 22 7d 72 3f 63 2e 4f 6e 45 72 72 6f 72 28 65 2c 74 29 3a 63 2e 4f 6e 53 75 63 63 65 73 73 28 65 2c 74 29 7d 2c 63 2e 4f 6e 53 75 63 63 65 73 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 20 74 61 72 67 65 74 20 65 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69 64 65 64 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 6e 75 6c
                                                Data Ascii: r d,l,f=window,g=f.document,v=".css";c.On=function(e,r,t){if(!e){throw"The target element must be provided and cannot be null."}r?c.OnError(e,t):c.OnSuccess(e,t)},c.OnSuccess=function(e,t){if(!e){throw"The target element must be provided and cannot be nul


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                2192.168.2.84970340.126.24.814435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:50:57 UTC3998OUTGET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAeeR9N4_mU_uXaNrVaxCZS_e-EHsyFOlnsuDjBYMR [TRUNCATED]
                                                Host: login.microsoftonline.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-Dest: document
                                                Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAee [TRUNCATED]
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                                                2025-04-02 10:50:57 UTC2682INHTTP/1.1 200 OK
                                                Cache-Control: no-store, no-cache
                                                Pragma: no-cache
                                                Content-Type: text/html; charset=utf-8
                                                Expires: -1
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: DENY
                                                Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
                                                X-DNS-Prefetch-Control: on
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                x-ms-request-id: 72ed7ed3-75ea-4739-8f69-285087861100
                                                x-ms-ests-server: 2.1.20393.4 - SEC ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                x-ms-clitelem: 1,0,0,,
                                                x-ms-srs: 1.P
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-XfXxnp35NrGTW853wGPTfQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; expires=Fri, 02-May-2025 10:50:57 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; expires=Fri, 02-May-2025 10:50:57 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Date: Wed, 02 Apr 2025 10:50:57 GMT
                                                Connection: close
                                                Content-Length: 57726
                                                2025-04-02 10:50:57 UTC13702INData Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20
                                                Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                                                2025-04-02 10:50:57 UTC16384INData Raw: 73 41 58 59 45 4c 51 4c 68 47 4d 51 34 72 75 75 54 53 48 32 6f 37 30 72 4d 6c 32 56 4d 5f 69 46 70 48 6d 77 39 5a 37 74 58 66 44 54 66 47 35 6d 61 56 46 2d 73 76 5f 31 6f 5a 78 35 69 65 41 79 61 5a 4a 34 54 74 6c 34 59 66 4f 53 4d 6e 44 2d 44 4b 6a 6b 61 65 62 6c 5a 65 41 56 5a 35 4e 68 47 61 6b 63 6a 48 56 4e 77 32 42 39 41 42 39 41 76 49 70 4f 51 73 76 46 62 41 56 49 54 47 38 67 67 6c 32 45 39 72 42 42 31 2d 53 30 54 6c 79 36 41 4d 50 59 37 6b 6a 45 2d 73 32 74 59 61 69 4c 63 44 48 6c 4e 4d 4b 33 4f 48 73 71 30 79 67 42 69 6d 6f 62 42 61 73 38 59 36 57 31 47 6c 48 68 6b 73 6a 61 50 58 30 70 62 77 68 65 36 41 4f 4c 6b 4b 4a 69 5a 4b 4b 67 43 7a 59 43 72 43 47 78 79 51 49 4f 73 73 65 59 67 5a 69 4c 37 6d 71 72 61 36 75 6d 70 4e 45 38 73 59 45 39 7a 77 47
                                                Data Ascii: sAXYELQLhGMQ4ruuTSH2o70rMl2VM_iFpHmw9Z7tXfDTfG5maVF-sv_1oZx5ieAyaZJ4Ttl4YfOSMnD-DKjkaeblZeAVZ5NhGakcjHVNw2B9AB9AvIpOQsvFbAVITG8ggl2E9rBB1-S0Tly6AMPY7kjE-s2tYaiLcDHlNMK3OHsq0ygBimobBas8Y6W1GlHhksjaPX0pbwhe6AOLkKJiZKKgCzYCrCGxyQIOsseYgZiL7mqra6umpNE8sYE9zwG
                                                2025-04-02 10:50:58 UTC16384INData Raw: 6e 64 51 69 73 54 4f 58 57 55 42 72 53 34 43 4d 31 6f 49 74 4f 35 7a 7a 74 58 63 46 32 73 43 43 4f 35 6f 6f 45 63 76 63 76 37 79 72 62 74 46 48 7a 42 70 72 71 64 4d 79 35 6f 47 33 36 44 44 2d 43 30 49 55 44 49 39 44 6f 6e 77 55 42 76 37 38 30 45 39 74 55 62 37 36 67 37 36 46 76 42 48 45 38 45 5a 79 76 6f 68 6c 66 52 37 62 68 4e 77 4f 57 58 75 54 5a 35 48 4c 46 31 74 32 62 64 39 75 62 5a 31 6b 79 52 6b 55 57 64 4f 74 39 38 57 33 56 45 73 34 55 47 64 4a 6f 46 66 66 42 42 44 79 31 6d 5a 38 4d 38 36 37 34 6a 49 5f 6c 45 72 58 5a 50 74 7a 34 6f 41 72 5f 6f 70 5a 65 6e 79 51 63 4d 35 74 4e 31 72 6f 77 74 79 38 74 47 58 62 61 68 4b 46 73 39 31 48 74 4e 38 50 67 53 4c 52 6a 65 45 43 79 78 33 63 44 75 74 6a 62 56 65 57 54 38 39 79 2d 78 76 47 4d 39 37 70 63 7a 4e
                                                Data Ascii: ndQisTOXWUBrS4CM1oItO5zztXcF2sCCO5ooEcvcv7yrbtFHzBprqdMy5oG36DD-C0IUDI9DonwUBv780E9tUb76g76FvBHE8EZyvohlfR7bhNwOWXuTZ5HLF1t2bd9ubZ1kyRkUWdOt98W3VEs4UGdJoFffBBDy1mZ8M8674jI_lErXZPtz4oAr_opZenyQcM5tN1rowty8tGXbahKFs91HtN8PgSLRjeECyx3cDutjbVeWT89y-xvGM97pczN
                                                2025-04-02 10:50:59 UTC11256INData Raw: 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 26 26 28 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 72 6f 73 73 6f 72 69 67 69 6e 22 2c 22 61 6e 6f 6e 79 6d 6f 75 73 22 29 2c 74 26 26 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 6e 74 65 67 72 69 74 79 22 2c 74 29 29 2c 75 7d 66 75 6e 63 74 69 6f 6e 20 69 28 65 29 7b 76 61 72 20 72 3d 67 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 6e 6b 22 29 3b 72 65 74 75 72 6e 20 72 2e 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 2c 72 2e 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2c 72 2e 68 72 65 66 3d 65 2c 72 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 0a 76 61 72 20 72 3d 67 2e 63 72 65 61 74
                                                Data Ascii: ion"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){var r=g.creat


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                3192.168.2.84970240.126.24.814435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:50:57 UTC2529OUTGET /favicon.ico HTTP/1.1
                                                Host: login.microsoftonline.com
                                                Connection: keep-alive
                                                sec-ch-ua-platform: "Windows"
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAee [TRUNCATED]
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                Cookie: rrc=1; fpc=AvDAnQt0nJlPrSSx6rgg6P4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEyl3cSxfa3KeN_Xs7Z3ySSCx73SGCzZhiT1fsrolEXhUmJ0VaJUKzKIEIpV_qX1xBlW-VDxU5kO0ucO9Yc36ElfeRzNr375QwMRZcnppkQNsgZHREc1To8wDOSy2CiIQqOu7KUm7LKFbqy9KgxrUPEAUPEAWstV0iXDcVbf_YmzMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                                                2025-04-02 10:50:57 UTC1335INHTTP/1.1 404 Not Found
                                                Cache-Control: private
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                X-Content-Type-Options: nosniff
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                x-ms-request-id: bbf35ce3-d86a-40a3-b684-87b311c22200
                                                x-ms-ests-server: 2.1.20329.5 - EUS ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                x-ms-srs: 1.P
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-MLk5HiBZ1q0VG8Lc4zEyDw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                Date: Wed, 02 Apr 2025 10:50:56 GMT
                                                Connection: close
                                                Content-Length: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                4192.168.2.84970423.55.235.2404435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:50:58 UTC441OUTOPTIONS /api/report?catId=GW+estsfd+bno HTTP/1.1
                                                Host: identity.nel.measure.office.net
                                                Connection: keep-alive
                                                Origin: https://login.microsoftonline.com
                                                Access-Control-Request-Method: POST
                                                Access-Control-Request-Headers: content-type
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:50:58 UTC319INHTTP/1.1 200 OK
                                                Content-Type: text/html
                                                Content-Length: 7
                                                Date: Wed, 02 Apr 2025 10:50:58 GMT
                                                Connection: close
                                                Access-Control-Allow-Headers: content-type
                                                Access-Control-Allow-Credentials: false
                                                Access-Control-Allow-Methods: *
                                                Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                Access-Control-Allow-Origin: *
                                                2025-04-02 10:50:58 UTC7INData Raw: 4f 50 54 49 4f 4e 53
                                                Data Ascii: OPTIONS


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                5192.168.2.84970723.55.235.2404435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:02 UTC417OUTPOST /api/report?catId=GW+estsfd+bno HTTP/1.1
                                                Host: identity.nel.measure.office.net
                                                Connection: keep-alive
                                                Content-Length: 1799
                                                Content-Type: application/reports+json
                                                Origin: https://login.microsoftonline.com
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:51:02 UTC1799OUTData Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 31 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 39 39 64 32 30 64 32 64 2d 38 39 32 33 2d 34 35 64 38 2d 62 39 61 64 2d 35 30 33 38 63 39 37 35 38 32 65 33 2f 6f 61 75 74 68 32 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 36 36 30 35 30 34 63 2d 34 35 62 33 2d 34 36 37 34 2d 61 37 30 39 2d 37 31 39 35 31 61 36 62 30 37 36 33 26 72 65 64 69 72 65 63 74 5f 75 72
                                                Data Ascii: [{"age":0,"body":{"elapsed_time":1113,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_ur
                                                2025-04-02 10:51:02 UTC399INHTTP/1.1 429 Too Many Requests
                                                Content-Length: 0
                                                x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
                                                Request-Context: appId=cid-v1:bdc28cee-e7d0-4fb8-ae30-555e54e91d16
                                                Date: Wed, 02 Apr 2025 10:51:02 GMT
                                                Connection: close
                                                Access-Control-Allow-Credentials: false
                                                Access-Control-Allow-Methods: *
                                                Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                Access-Control-Allow-Origin: *


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                6192.168.2.84972423.209.72.94435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:05 UTC742OUTGET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1
                                                Host: aadcdn.msauthimages.net
                                                Connection: keep-alive
                                                sec-ch-ua-platform: "Windows"
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Sec-Fetch-Storage-Access: active
                                                Referer: https://login.microsoftonline.com/
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:51:05 UTC715INHTTP/1.1 200 OK
                                                Content-Length: 236176
                                                Content-Type: image/jpeg
                                                Content-MD5: Go8wBlAXNasx1y0vgkhXKg==
                                                Last-Modified: Wed, 06 Sep 2017 14:57:09 GMT
                                                ETag: 0x8D4F5378C9D63D7
                                                x-ms-request-id: 47e18ced-f01e-005e-3db8-68df31000000
                                                x-ms-version: 2009-09-19
                                                x-ms-lease-status: unlocked
                                                x-ms-blob-type: BlockBlob
                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: public, max-age=72914
                                                Date: Wed, 02 Apr 2025 10:51:05 GMT
                                                Connection: close
                                                X-Content-Type-Options: nosniff
                                                Akamai-GRN: 0.8904d217.1743591065.2d5208c
                                                2025-04-02 10:51:05 UTC15669INData Raw: ff d8 ff e1 09 50 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e
                                                Data Ascii: Phttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syn
                                                2025-04-02 10:51:05 UTC16384INData Raw: 5d 64 c0 25 03 86 54 09 72 51 4c 72 51 54 74 a8 5d aa 20 10 42 95 cb 80 41 01 12 e8 52 02 20 82 95 01 4a 28 c5 d1 a1 08 c2 94 10 52 10 82 8a 50 1c a8 2a 25 44 a8 04 a5 b9 30 a1 89 55 0b ca 9a c6 2e 0c 4e 60 85 2d 58 26 c0 b2 78 75 92 75 29 ed 6d 97 3a e9 00 41 2a 1d 02 c9 b3 09 2e 32 91 69 6e 29 64 23 37 50 b4 e7 50 04 28 21 12 82 11 12 14 ea a3 45 28 a8 d1 75 8a 55 47 c1 5c c7 83 a6 c5 74 9b 3d b6 47 aa 53 09 29 ed 12 b3 5b 80 84 8c 47 a2 7f a8 ff 00 25 69 e2 15 6c 47 a2 7f aa ff 00 24 57 98 fa 1f 3b 51 d5 aa 1c b4 da 47 17 76 27 d7 a6 71 38 ae 65 e7 a0 1b 98 81 b7 b3 e7 82 87 97 62 eb 73 23 a2 c6 dc ef 89 d9 da 7d 81 35 b7 c7 1e d6 3b cc 2a 9b 15 5b 63 69 7e 7f d2 52 f9 45 b9 8b 84 c0 cc db 9d 82 02 66 20 86 62 e9 b8 98 00 3c 93 b0 08 2a 96 3a ab 6b 30
                                                Data Ascii: ]d%TrQLrQTt] BAR J(RP*%D0U.N`-X&xuu)m:A*.2in)d#7PP(!E(uUG\t=GS)[G%ilG$W;QGv'q8ebs#}5;*[ci~REf b<*:k0
                                                2025-04-02 10:51:05 UTC2571INData Raw: 9b c1 de 65 62 62 3d 3b bb bd a3 cb d9 bc 15 6a 42 da d8 9e c9 bf 0f 2f 77 da 90 40 5b 5c 99 e8 48 fc 47 c8 7c ec 1b 80 59 2d 19 47 68 d9 b6 df 0e e2 01 07 43 95 6b 72 67 a3 23 f1 1d 34 d0 69 bf 8d 92 25 75 3e b9 4f 09 0c eb 9e e4 f1 65 15 5b 1b 1c cb b8 b3 f5 04 ea bd 66 7c ec 49 c6 fa 17 0f 53 f5 b5 3a a6 ac f9 d8 ac e9 29 a8 5d a1 44 14 3b 42 a0 65 5e a1 e0 17 9f c4 7a 47 f7 58 fe f6 1f 9a c7 ec c3 a4 af 43 53 d1 f7 05 e7 f1 02 2b 38 de c6 d1 a9 27 76 d2 7b 04 18 d5 c4 59 55 80 75 9f 1b 64 74 b6 f1 fb c3 86 6c e7 ec bb 2d 95 ce 49 11 55 de ab bc c7 74 9d dd 61 f6 89 55 74 b0 b8 fc 37 10 75 d2 04 0f b7 60 07 da 6b f6 5b e4 bb 56 3d 8d 20 76 80 46 9b db da 20 6e 68 42 ac f2 a7 a1 3c 0a c2 a6 09 ed 96 cf 65 bc c7 e2 bb 06 d6 ad fe 52 f4 47 81 58 94 9a e7
                                                Data Ascii: ebb=;jB/w@[\HG|Y-GhCkrg#4i%u>Oe[f|IS:)]D;Be^zGXCS+8'v{YUudtl-IUtaUt7u`k[V= vF nhB<eRGX
                                                2025-04-02 10:51:05 UTC16384INData Raw: ba de a0 ed 6f f4 aa 78 cb 54 c3 fa c1 6d 96 be 0c 74 cf 05 9f 8c 6e 6c 5d 31 db 53 c8 ad 1c 29 e9 77 2c 8e 56 7b 85 42 dd 1a 66 77 d8 a6 5d 98 f2 bd 85 ab 48 56 6b 1a ec ce 33 d5 b8 10 36 9f 72 c9 e5 3b 56 9d a6 57 72 4b e7 16 ce 0f fd 2a d5 7c 23 f1 55 e1 a3 a2 26 5c 74 17 58 bc b7 38 66 60 c1 e7 41 2b 74 e0 59 53 2d 6a c7 a2 05 9b a0 ef 3e e5 35 69 50 c2 52 34 99 d7 74 76 b8 df 6e e1 e0 16 66 39 f5 9e fa 6c 2f 86 b8 81 6d 83 b3 e3 aa 0d 1a 9c a0 05 46 d0 a0 24 66 6b 49 68 90 01 3e 03 bf b9 57 e5 f6 82 c0 7b 07 99 4e c2 d1 6d 2c ac 60 80 08 ed da 87 97 87 d5 f8 7b d5 d3 3b 4b 34 0a ed 7b 61 db c0 79 2a 94 fa a3 80 56 eb ff 00 0e de ef 25 bc ba 66 76 c6 c0 7a 33 eb 15 68 fd 9d f9 bd ca 9e 08 c5 32 36 e6 2a cc 10 1a e2 0c 17 01 ec 4f 4b ec ba e0 1c 5b 01
                                                Data Ascii: oxTmtnl]1S)w,V{Bfw]HVk36r;VWrK*|#U&\tX8f`A+tYS-j>5iPR4tvnf9l/mF$fkIh>W{Nm,`{;K4{ay*V%fvz3h26*OK[
                                                2025-04-02 10:51:05 UTC12120INData Raw: 2b 86 b5 e2 47 4b 8e c5 e7 1a 6a f2 45 69 6c 16 11 17 d1 c2 66 3b 3d c7 8a 6c d7 0f 59 54 cc 70 1e 49 54 c4 55 6f 7a 1a 15 99 88 a5 ce d3 3d 13 b3 6b 7b 0f cd c2 3a 7e 91 bd fe 4a a2 cd 4d 56 7e 24 65 70 70 e1 e1 75 a3 51 55 ae dc cd 3d 97 5b 9d 31 7b 4e 21 b0 e6 76 b0 0f 04 75 3f 86 3e aa 5b c9 75 1a 4f db 71 f3 e0 99 53 f8 63 ea fb d6 2b 6a 98 1a 40 39 ee d6 d3 07 49 8d 78 fb 93 5d b5 76 0a e1 fe af b9 73 b4 4a 81 e5 6a 62 a6 19 ad 3b c7 91 58 94 30 d9 dd 95 c2 06 77 4c 76 05 e8 31 c2 68 b7 b0 8f 24 aa 43 ea 9d da e5 67 47 b1 60 c4 3c 0d 04 1b 20 c1 e3 33 e2 2b 61 9e 7a 4c 7b cb 3b 5b 3e ef 2e 09 d8 61 15 3b 8a c2 c5 b8 8c 4d 4a 94 8c 54 65 47 c1 ed 07 de b0 d3 d4 6c 54 f1 4c 75 3f f3 34 84 be 9f 5d a3 fe e5 3f b4 de d2 35 6f ee 53 70 75 c6 22 8b 6a 83
                                                Data Ascii: +GKjEilf;=lYTpITUoz=k{:~JMV~$eppuQU=[1{N!vu?>[uOqSc+j@9Ix]vsJjb;X0wLv1h$CgG`< 3+azL{;[>.a;MJTeGlTLu?4]?5oSpu"j
                                                2025-04-02 10:51:05 UTC16384INData Raw: 8e a6 04 8e c3 b7 e7 6a ba f6 07 b6 e0 10 41 99 59 6f a6 ec fc db 7d 2b 65 f4 1c 7e d3 66 f4 ce f8 f2 2d 3b 0a e9 86 5a 63 29 b5 cd 50 14 4d 21 c0 39 a6 41 12 0e f0 54 39 7a 5c 3a 0a 12 a5 42 20 14 29 21 42 0e d1 72 95 08 22 54 28 2b 90 4c ae 94 2b a5 01 4a e9 42 b9 07 4a e5 cb 90 74 a9 42 a5 07 12 8a 50 ae 40 72 ba 50 a9 40 4a 65 42 ed 50 48 32 8e 50 01 08 82 8a 30 53 98 92 d1 2a cb 1b 08 0f 2a 90 0a 21 70 b8 ac a9 65 74 a1 72 85 43 0a eb a1 06 17 4a 02 5d 08 73 2e 2e 94 04 0c 28 26 50 4a 99 40 c6 14 79 a1 27 34 28 2e 50 34 b9 0e 64 b9 51 28 19 99 46 64 b9 5d 2a 86 4c a2 4a 95 32 81 b2 a0 ba 10 02 a0 95 34 a9 25 74 a0 5c 2e a8 68 ba 6b 42 4b 53 8c b4 28 18 4c 2a ee 2a 1c f2 82 50 49 2b a5 04 ae 95 50 72 ba 50 4a e4 07 2b 90 ae 40 48 4a 89 5d 28 89 50 b9
                                                Data Ascii: jAYo}+e~f-;Zc)PM!9AT9z\:B )!Br"T(+L+JBJtBP@rP@JeBPH2P0S**!petrCJ]s..(&PJ@y'4(.P4dQ(Fd]*LJ24%t\.hkBKS(L**PI+PrPJ+@HJ](P
                                                2025-04-02 10:51:05 UTC16384INData Raw: 54 66 48 35 0a 1c eb 5a 4d ac e6 53 99 55 ce 88 54 29 a3 6b 39 97 66 55 f3 92 a7 32 9a 36 b0 1c 8e 52 1a 51 ca ce 9a 95 e6 03 03 9f 87 24 5f 30 56 31 c3 eb 29 7a cc f3 4a d2 a5 0f 58 27 e3 87 d6 52 f5 99 e6 82 39 4c 7d 40 ef f3 56 b1 22 29 3b 81 f2 49 e5 16 17 d2 0d 6e a6 75 30 35 45 5b 13 4e ad 37 f3 44 3b 28 be b0 82 79 3c 46 14 1f c2 ef d4 a3 93 9e d6 54 2c 2e 19 de f7 10 d1 73 11 b7 77 9a a9 c9 98 87 bc ba 94 c3 05 37 10 d0 34 39 9b df b7 69 28 79 3a d8 e0 06 99 9f e4 54 6b 48 c6 d7 7d 2a a7 29 03 6c 80 03 b5 df af 84 27 63 cc d0 11 bf de a2 b6 06 ae 2e bf 40 74 74 cc 6c 35 f6 f7 2b b9 30 fc d7 f9 82 20 13 a9 8d 38 5d 02 39 2d a4 e1 1e 00 92 5f a0 d7 46 a7 60 39 2c d1 78 ac f3 d2 17 ca 36 13 da 9c ca b3 87 73 a8 37 9b 00 80 dc cd 89 ed 84 ac 06 7a c6
                                                Data Ascii: TfH5ZMSUT)k9fU26RQ$_0V1)zJX'R9L}@V");Inu05E[N7D;(y<FT,.sw749i(y:TkH}*)l'c.@ttl5+0 8]9-_F`9,x6s7z
                                                2025-04-02 10:51:05 UTC7952INData Raw: 1d 40 e1 5e a9 04 e8 c8 dc 25 be f8 51 52 ce 93 2a 0d 99 1e ab b6 83 69 52 68 68 89 00 fb 15 aa 2d b3 c4 eb 4d c8 2a 08 60 6e e1 ee 54 66 f2 bd 27 3f 11 47 2c f5 0e 86 24 ca b2 c0 ec 0e 08 9a 42 4b 5c 2d 3a ce b1 bb b1 5b c5 50 6b de c7 9d 5a c1 1d f2 aa 63 da 4e 06 a6 53 04 39 ba 6c b8 41 73 07 5d 95 da 1e c3 2d 3b 54 b6 8e 4a d9 c1 b1 cd e2 56 7f 24 d0 34 79 c7 cd cb 5c e8 3a 5b 6f 1f 72 bb 81 c5 b7 14 d0 ed 08 30 e1 f7 5d 1a 7c ea 14 54 d0 1f e6 c9 fc 4f 43 85 e8 f3 a7 f0 9f 35 6a 9d 20 da a2 a6 a6 6f de ab d1 68 02 a7 6b 5d e6 83 2b 17 4c d5 a1 94 7f e4 a7 fd 4a f0 ac d0 69 b0 9b b8 54 02 4e e2 2d f3 bb b5 04 06 d1 7f 16 7f 52 0a cc f4 2f 8b 0e 73 da 5a 82 dd 5b d4 27 79 72 9f b1 4b 8f f5 28 ad e9 1d c4 a2 fb 14 fd 6f ea 40 ac d1 4c ef 2e f8 2c 8e 5c
                                                Data Ascii: @^%QR*iRhh-M*`nTf'?G,$BK\-:[PkZcNS9lAs]-;TJV$4y\:[or0]|TOC5j ohk]+LJiTN-R/sZ['yrK(o@L.,\
                                                2025-04-02 10:51:05 UTC16384INData Raw: fc 7d c8 2a d8 fe 66 29 6c 73 8f e3 ee 4b ac 40 3d ec 51 57 29 75 87 7a a0 1a d1 5c bd e4 35 81 b9 64 90 2f 33 17 57 a8 c6 61 75 83 8e 73 5b 58 9d b0 a4 1a b5 dc da 98 49 04 65 24 dc 5c 6d 54 db 88 c3 b1 ad a2 d0 e7 18 ca 09 80 2f ed 46 d7 4f 26 07 4f df f3 72 c7 a5 7a 8c be d0 8b a6 b6 3a bb a8 bd ae 66 51 23 52 d0 48 e1 29 fc 93 88 75 76 d5 2f 71 74 06 ea 77 e6 54 b9 50 66 73 44 ec f7 05 6f 91 e8 d4 a4 ca b9 c1 12 1b 12 3d 64 b0 8c 8a f0 d7 b8 0b 1c c5 6a d2 13 c9 ec 9f c7 e6 e4 9f f0 ea b5 5e 5c 04 49 3a db f7 5a 74 f0 47 e8 ed a0 48 04 66 b8 be a4 fc 52 8f 2f cc 93 bf 45 af 8b 64 e1 e2 62 5d f0 56 c6 1b 07 48 e5 aa f1 3f 89 e1 a8 99 88 a3 87 61 75 52 00 cc 60 c1 3a 20 c9 c2 e0 5e 6a b1 cd 04 80 e6 93 02 d6 2b 63 1f 85 75 78 0d 12 2d b9 70 e5 36 3d c1
                                                Data Ascii: }*f)lsK@=QW)uz\5d/3Waus[XIe$\mT/FO&Orz:fQ#RH)uv/qtwTPfsDo=dj^\I:ZtGHfR/Edb]VH?auR`: ^j+cux-p6=
                                                2025-04-02 10:51:05 UTC8048INData Raw: 34 cc 45 e5 66 d5 d2 c6 0a b8 a1 52 a8 74 dd c0 5b bd 68 d5 a8 1f 44 41 da 7d e9 14 70 f4 99 a3 47 7d fc d5 81 61 10 a4 5a cc c3 55 7d 1a 4d 80 60 17 12 03 49 3a a6 62 83 aa d0 76 50 4b 89 26 00 bd e1 69 5f 39 20 44 85 02 b0 60 32 40 e2 40 41 97 86 0e 6b 98 e3 4d fd 17 12 6d bf e0 ad 72 93 4e 21 a5 8c b9 b6 c3 b0 ca 63 f1 74 da d3 f5 8c 9f 5c 24 bb 1b 87 69 f4 80 eb a4 95 4d 07 0b 4a ab 32 b9 c2 40 74 f6 ea 9d 8e a2 ec 53 4b 59 69 03 5f d9 07 f8 96 19 ad 8c c4 f0 61 41 fe 2d 87 07 47 1e e1 f1 40 da c1 d4 46 77 09 1d 9d aa b6 22 b6 66 ba 99 16 92 26 7b 50 62 79 5a 9d 51 01 a4 77 85 49 f8 d6 ba 60 6a 67 55 3a 55 ca 27 9b 66 50 0d 8d ba 5a 71 df ee 56 4e 24 be 93 58 47 54 44 ce ab 23 e9 c4 68 3c d4 1c 73 f6 01 e1 fb ab d2 76 6f d0 5a e1 0e 75 e5 5f c1 b9 b8
                                                Data Ascii: 4EfRt[hDA}pG}aZU}M`I:bvPK&i_9 D`2@@AkMmrN!ct\$iMJ2@tSKYi_aA-G@Fw"f&{PbyZQwI`jgU:U'fPZqVN$XGTD#h<svoZu_


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                7192.168.2.84972323.209.72.94435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:05 UTC740OUTGET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1
                                                Host: aadcdn.msauthimages.net
                                                Connection: keep-alive
                                                sec-ch-ua-platform: "Windows"
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Sec-Fetch-Storage-Access: active
                                                Referer: https://login.microsoftonline.com/
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:51:05 UTC712INHTTP/1.1 200 OK
                                                Content-Length: 2720
                                                Content-Type: image/png
                                                Content-MD5: uBCiiyn2igygd9MdCBK3bQ==
                                                Last-Modified: Wed, 06 Sep 2017 14:57:03 GMT
                                                ETag: 0x8D4F53788B483DE
                                                x-ms-request-id: 492c764f-601e-0014-5eb8-68ef56000000
                                                x-ms-version: 2009-09-19
                                                x-ms-lease-status: unlocked
                                                x-ms-blob-type: BlockBlob
                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: public, max-age=72747
                                                Date: Wed, 02 Apr 2025 10:51:05 GMT
                                                Connection: close
                                                X-Content-Type-Options: nosniff
                                                Akamai-GRN: 0.8904d217.1743591065.2d52093
                                                2025-04-02 10:51:05 UTC2720INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 19 00 00 00 3c 08 06 00 00 00 52 06 ce 26 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a 52 49 44 41 54 78 da ed 5d 41 a8 1c 59 15 3d 57 83 b8 10 7e 8b cc 42 37 bf 46 64 dc e8 a4 dc e8 42 86 5f 83 b8 50 94 74 b2 13 17 29 57 26 e2 a2 67 25 22 92 0a 82 2b 61 1a 14 06 57 d3 d9 e8 42 30 15 9d c5 ac 26 15 9c 11 45 c1 0e 4a 44 11 ac 16 71 21 38 f6 d7 9d 0b 9f 8b 3e 2f 73 ff b3 aa ab ff ef ee 9f 44 cf 81 a6 7f f5 7b f5 ea be fb ee 3b ef bd 73 2b c4 42 08 10 04 41 d8 17 de 26 17 08 82 20 92 11 04 41 24 23 08 82 20 92 11 04 41 24 23 08 82 48 46 10 04 41 24 23 08 82 48 46 10 04 91 8c 20 08 82 48 46 10 04 91 8c 20 08 22 19 41 10 04 91 8c 20 08 22 19 41 10 04 91 8c 20 08 22 19 41 10 44
                                                Data Ascii: PNGIHDR<R&pHYs~RIDATx]AY=W~B7FdB_Pt)W&g%"+aWB0&EJDq!8>/sD{;s+BA& A$# A$#HFA$#HF HF "A "A "AD


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                8192.168.2.84972540.126.24.1464435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:06 UTC739OUTGET /ocs.com/winauth/ssoprobe?client-request-id=21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f&_=1743591063850 HTTP/1.1
                                                Host: autologon.microsoftazuread-sso.com
                                                Connection: keep-alive
                                                sec-ch-ua-platform: "Windows"
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Sec-Fetch-Storage-Access: active
                                                Referer: https://login.microsoftonline.com/
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:51:06 UTC1732INHTTP/1.1 401 Unauthorized
                                                Cache-Control: no-store, no-cache
                                                Pragma: no-cache
                                                Content-Type: image/png; charset=utf-8
                                                Expires: -1
                                                Vary: Origin
                                                X-Content-Type-Options: nosniff
                                                Access-Control-Allow-Origin: https://login.microsoftonline.com
                                                Access-Control-Allow-Credentials: true
                                                Access-Control-Allow-Methods: GET, OPTIONS
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                x-ms-request-id: cb790c8a-2905-4501-8d0d-28cfeb9d5300
                                                x-ms-ests-server: 2.1.20393.4 - EUS ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-mL7Gcaeb1OKv2NHBIEeR3w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                WWW-Authenticate: Negotiate
                                                Set-Cookie: fpc=At1BRFNj0HJCoWq5tcGe-x4; expires=Fri, 02-May-2025 10:51:06 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
                                                Date: Wed, 02 Apr 2025 10:51:06 GMT
                                                Connection: close
                                                Content-Length: 12
                                                2025-04-02 10:51:06 UTC12INData Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64
                                                Data Ascii: Unauthorized


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                9192.168.2.84972723.209.72.94435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:06 UTC494OUTGET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1
                                                Host: aadcdn.msauthimages.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Sec-Fetch-Storage-Access: active
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:51:06 UTC712INHTTP/1.1 200 OK
                                                Content-Length: 2720
                                                Content-Type: image/png
                                                Content-MD5: uBCiiyn2igygd9MdCBK3bQ==
                                                Last-Modified: Wed, 06 Sep 2017 14:57:03 GMT
                                                ETag: 0x8D4F53788B483DE
                                                x-ms-request-id: 492c764f-601e-0014-5eb8-68ef56000000
                                                x-ms-version: 2009-09-19
                                                x-ms-lease-status: unlocked
                                                x-ms-blob-type: BlockBlob
                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: public, max-age=72746
                                                Date: Wed, 02 Apr 2025 10:51:06 GMT
                                                Connection: close
                                                X-Content-Type-Options: nosniff
                                                Akamai-GRN: 0.8904d217.1743591066.2d52134
                                                2025-04-02 10:51:06 UTC2720INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 19 00 00 00 3c 08 06 00 00 00 52 06 ce 26 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a 52 49 44 41 54 78 da ed 5d 41 a8 1c 59 15 3d 57 83 b8 10 7e 8b cc 42 37 bf 46 64 dc e8 a4 dc e8 42 86 5f 83 b8 50 94 74 b2 13 17 29 57 26 e2 a2 67 25 22 92 0a 82 2b 61 1a 14 06 57 d3 d9 e8 42 30 15 9d c5 ac 26 15 9c 11 45 c1 0e 4a 44 11 ac 16 71 21 38 f6 d7 9d 0b 9f 8b 3e 2f 73 ff b3 aa ab ff ef ee 9f 44 cf 81 a6 7f f5 7b f5 ea be fb ee 3b ef bd 73 2b c4 42 08 10 04 41 d8 17 de 26 17 08 82 20 92 11 04 41 24 23 08 82 20 92 11 04 41 24 23 08 82 48 46 10 04 41 24 23 08 82 48 46 10 04 91 8c 20 08 82 48 46 10 04 91 8c 20 08 22 19 41 10 04 91 8c 20 08 22 19 41 10 04 91 8c 20 08 22 19 41 10 44
                                                Data Ascii: PNGIHDR<R&pHYs~RIDATx]AY=W~B7FdB_Pt)W&g%"+aWB0&EJDq!8>/sD{;s+BA& A$# A$#HFA$#HF HF "A "A "AD


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                10192.168.2.84972623.209.72.94435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:06 UTC496OUTGET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1
                                                Host: aadcdn.msauthimages.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Sec-Fetch-Storage-Access: active
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:51:06 UTC715INHTTP/1.1 200 OK
                                                Content-Length: 236176
                                                Content-Type: image/jpeg
                                                Content-MD5: Go8wBlAXNasx1y0vgkhXKg==
                                                Last-Modified: Wed, 06 Sep 2017 14:57:09 GMT
                                                ETag: 0x8D4F5378C9D63D7
                                                x-ms-request-id: 47e18ced-f01e-005e-3db8-68df31000000
                                                x-ms-version: 2009-09-19
                                                x-ms-lease-status: unlocked
                                                x-ms-blob-type: BlockBlob
                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: public, max-age=72913
                                                Date: Wed, 02 Apr 2025 10:51:06 GMT
                                                Connection: close
                                                X-Content-Type-Options: nosniff
                                                Akamai-GRN: 0.8904d217.1743591066.2d52151
                                                2025-04-02 10:51:06 UTC15669INData Raw: ff d8 ff e1 09 50 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e
                                                Data Ascii: Phttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syn
                                                2025-04-02 10:51:06 UTC16384INData Raw: 5d 64 c0 25 03 86 54 09 72 51 4c 72 51 54 74 a8 5d aa 20 10 42 95 cb 80 41 01 12 e8 52 02 20 82 95 01 4a 28 c5 d1 a1 08 c2 94 10 52 10 82 8a 50 1c a8 2a 25 44 a8 04 a5 b9 30 a1 89 55 0b ca 9a c6 2e 0c 4e 60 85 2d 58 26 c0 b2 78 75 92 75 29 ed 6d 97 3a e9 00 41 2a 1d 02 c9 b3 09 2e 32 91 69 6e 29 64 23 37 50 b4 e7 50 04 28 21 12 82 11 12 14 ea a3 45 28 a8 d1 75 8a 55 47 c1 5c c7 83 a6 c5 74 9b 3d b6 47 aa 53 09 29 ed 12 b3 5b 80 84 8c 47 a2 7f a8 ff 00 25 69 e2 15 6c 47 a2 7f aa ff 00 24 57 98 fa 1f 3b 51 d5 aa 1c b4 da 47 17 76 27 d7 a6 71 38 ae 65 e7 a0 1b 98 81 b7 b3 e7 82 87 97 62 eb 73 23 a2 c6 dc ef 89 d9 da 7d 81 35 b7 c7 1e d6 3b cc 2a 9b 15 5b 63 69 7e 7f d2 52 f9 45 b9 8b 84 c0 cc db 9d 82 02 66 20 86 62 e9 b8 98 00 3c 93 b0 08 2a 96 3a ab 6b 30
                                                Data Ascii: ]d%TrQLrQTt] BAR J(RP*%D0U.N`-X&xuu)m:A*.2in)d#7PP(!E(uUG\t=GS)[G%ilG$W;QGv'q8ebs#}5;*[ci~REf b<*:k0
                                                2025-04-02 10:51:06 UTC2571INData Raw: 9b c1 de 65 62 62 3d 3b bb bd a3 cb d9 bc 15 6a 42 da d8 9e c9 bf 0f 2f 77 da 90 40 5b 5c 99 e8 48 fc 47 c8 7c ec 1b 80 59 2d 19 47 68 d9 b6 df 0e e2 01 07 43 95 6b 72 67 a3 23 f1 1d 34 d0 69 bf 8d 92 25 75 3e b9 4f 09 0c eb 9e e4 f1 65 15 5b 1b 1c cb b8 b3 f5 04 ea bd 66 7c ec 49 c6 fa 17 0f 53 f5 b5 3a a6 ac f9 d8 ac e9 29 a8 5d a1 44 14 3b 42 a0 65 5e a1 e0 17 9f c4 7a 47 f7 58 fe f6 1f 9a c7 ec c3 a4 af 43 53 d1 f7 05 e7 f1 02 2b 38 de c6 d1 a9 27 76 d2 7b 04 18 d5 c4 59 55 80 75 9f 1b 64 74 b6 f1 fb c3 86 6c e7 ec bb 2d 95 ce 49 11 55 de ab bc c7 74 9d dd 61 f6 89 55 74 b0 b8 fc 37 10 75 d2 04 0f b7 60 07 da 6b f6 5b e4 bb 56 3d 8d 20 76 80 46 9b db da 20 6e 68 42 ac f2 a7 a1 3c 0a c2 a6 09 ed 96 cf 65 bc c7 e2 bb 06 d6 ad fe 52 f4 47 81 58 94 9a e7
                                                Data Ascii: ebb=;jB/w@[\HG|Y-GhCkrg#4i%u>Oe[f|IS:)]D;Be^zGXCS+8'v{YUudtl-IUtaUt7u`k[V= vF nhB<eRGX
                                                2025-04-02 10:51:06 UTC16384INData Raw: ba de a0 ed 6f f4 aa 78 cb 54 c3 fa c1 6d 96 be 0c 74 cf 05 9f 8c 6e 6c 5d 31 db 53 c8 ad 1c 29 e9 77 2c 8e 56 7b 85 42 dd 1a 66 77 d8 a6 5d 98 f2 bd 85 ab 48 56 6b 1a ec ce 33 d5 b8 10 36 9f 72 c9 e5 3b 56 9d a6 57 72 4b e7 16 ce 0f fd 2a d5 7c 23 f1 55 e1 a3 a2 26 5c 74 17 58 bc b7 38 66 60 c1 e7 41 2b 74 e0 59 53 2d 6a c7 a2 05 9b a0 ef 3e e5 35 69 50 c2 52 34 99 d7 74 76 b8 df 6e e1 e0 16 66 39 f5 9e fa 6c 2f 86 b8 81 6d 83 b3 e3 aa 0d 1a 9c a0 05 46 d0 a0 24 66 6b 49 68 90 01 3e 03 bf b9 57 e5 f6 82 c0 7b 07 99 4e c2 d1 6d 2c ac 60 80 08 ed da 87 97 87 d5 f8 7b d5 d3 3b 4b 34 0a ed 7b 61 db c0 79 2a 94 fa a3 80 56 eb ff 00 0e de ef 25 bc ba 66 76 c6 c0 7a 33 eb 15 68 fd 9d f9 bd ca 9e 08 c5 32 36 e6 2a cc 10 1a e2 0c 17 01 ec 4f 4b ec ba e0 1c 5b 01
                                                Data Ascii: oxTmtnl]1S)w,V{Bfw]HVk36r;VWrK*|#U&\tX8f`A+tYS-j>5iPR4tvnf9l/mF$fkIh>W{Nm,`{;K4{ay*V%fvz3h26*OK[
                                                2025-04-02 10:51:06 UTC12120INData Raw: 2b 86 b5 e2 47 4b 8e c5 e7 1a 6a f2 45 69 6c 16 11 17 d1 c2 66 3b 3d c7 8a 6c d7 0f 59 54 cc 70 1e 49 54 c4 55 6f 7a 1a 15 99 88 a5 ce d3 3d 13 b3 6b 7b 0f cd c2 3a 7e 91 bd fe 4a a2 cd 4d 56 7e 24 65 70 70 e1 e1 75 a3 51 55 ae dc cd 3d 97 5b 9d 31 7b 4e 21 b0 e6 76 b0 0f 04 75 3f 86 3e aa 5b c9 75 1a 4f db 71 f3 e0 99 53 f8 63 ea fb d6 2b 6a 98 1a 40 39 ee d6 d3 07 49 8d 78 fb 93 5d b5 76 0a e1 fe af b9 73 b4 4a 81 e5 6a 62 a6 19 ad 3b c7 91 58 94 30 d9 dd 95 c2 06 77 4c 76 05 e8 31 c2 68 b7 b0 8f 24 aa 43 ea 9d da e5 67 47 b1 60 c4 3c 0d 04 1b 20 c1 e3 33 e2 2b 61 9e 7a 4c 7b cb 3b 5b 3e ef 2e 09 d8 61 15 3b 8a c2 c5 b8 8c 4d 4a 94 8c 54 65 47 c1 ed 07 de b0 d3 d4 6c 54 f1 4c 75 3f f3 34 84 be 9f 5d a3 fe e5 3f b4 de d2 35 6f ee 53 70 75 c6 22 8b 6a 83
                                                Data Ascii: +GKjEilf;=lYTpITUoz=k{:~JMV~$eppuQU=[1{N!vu?>[uOqSc+j@9Ix]vsJjb;X0wLv1h$CgG`< 3+azL{;[>.a;MJTeGlTLu?4]?5oSpu"j
                                                2025-04-02 10:51:07 UTC16384INData Raw: 8e a6 04 8e c3 b7 e7 6a ba f6 07 b6 e0 10 41 99 59 6f a6 ec fc db 7d 2b 65 f4 1c 7e d3 66 f4 ce f8 f2 2d 3b 0a e9 86 5a 63 29 b5 cd 50 14 4d 21 c0 39 a6 41 12 0e f0 54 39 7a 5c 3a 0a 12 a5 42 20 14 29 21 42 0e d1 72 95 08 22 54 28 2b 90 4c ae 94 2b a5 01 4a e9 42 b9 07 4a e5 cb 90 74 a9 42 a5 07 12 8a 50 ae 40 72 ba 50 a9 40 4a 65 42 ed 50 48 32 8e 50 01 08 82 8a 30 53 98 92 d1 2a cb 1b 08 0f 2a 90 0a 21 70 b8 ac a9 65 74 a1 72 85 43 0a eb a1 06 17 4a 02 5d 08 73 2e 2e 94 04 0c 28 26 50 4a 99 40 c6 14 79 a1 27 34 28 2e 50 34 b9 0e 64 b9 51 28 19 99 46 64 b9 5d 2a 86 4c a2 4a 95 32 81 b2 a0 ba 10 02 a0 95 34 a9 25 74 a0 5c 2e a8 68 ba 6b 42 4b 53 8c b4 28 18 4c 2a ee 2a 1c f2 82 50 49 2b a5 04 ae 95 50 72 ba 50 4a e4 07 2b 90 ae 40 48 4a 89 5d 28 89 50 b9
                                                Data Ascii: jAYo}+e~f-;Zc)PM!9AT9z\:B )!Br"T(+L+JBJtBP@rP@JeBPH2P0S**!petrCJ]s..(&PJ@y'4(.P4dQ(Fd]*LJ24%t\.hkBKS(L**PI+PrPJ+@HJ](P
                                                2025-04-02 10:51:07 UTC16384INData Raw: 54 66 48 35 0a 1c eb 5a 4d ac e6 53 99 55 ce 88 54 29 a3 6b 39 97 66 55 f3 92 a7 32 9a 36 b0 1c 8e 52 1a 51 ca ce 9a 95 e6 03 03 9f 87 24 5f 30 56 31 c3 eb 29 7a cc f3 4a d2 a5 0f 58 27 e3 87 d6 52 f5 99 e6 82 39 4c 7d 40 ef f3 56 b1 22 29 3b 81 f2 49 e5 16 17 d2 0d 6e a6 75 30 35 45 5b 13 4e ad 37 f3 44 3b 28 be b0 82 79 3c 46 14 1f c2 ef d4 a3 93 9e d6 54 2c 2e 19 de f7 10 d1 73 11 b7 77 9a a9 c9 98 87 bc ba 94 c3 05 37 10 d0 34 39 9b df b7 69 28 79 3a d8 e0 06 99 9f e4 54 6b 48 c6 d7 7d 2a a7 29 03 6c 80 03 b5 df af 84 27 63 cc d0 11 bf de a2 b6 06 ae 2e bf 40 74 74 cc 6c 35 f6 f7 2b b9 30 fc d7 f9 82 20 13 a9 8d 38 5d 02 39 2d a4 e1 1e 00 92 5f a0 d7 46 a7 60 39 2c d1 78 ac f3 d2 17 ca 36 13 da 9c ca b3 87 73 a8 37 9b 00 80 dc cd 89 ed 84 ac 06 7a c6
                                                Data Ascii: TfH5ZMSUT)k9fU26RQ$_0V1)zJX'R9L}@V");Inu05E[N7D;(y<FT,.sw749i(y:TkH}*)l'c.@ttl5+0 8]9-_F`9,x6s7z
                                                2025-04-02 10:51:07 UTC7952INData Raw: 1d 40 e1 5e a9 04 e8 c8 dc 25 be f8 51 52 ce 93 2a 0d 99 1e ab b6 83 69 52 68 68 89 00 fb 15 aa 2d b3 c4 eb 4d c8 2a 08 60 6e e1 ee 54 66 f2 bd 27 3f 11 47 2c f5 0e 86 24 ca b2 c0 ec 0e 08 9a 42 4b 5c 2d 3a ce b1 bb b1 5b c5 50 6b de c7 9d 5a c1 1d f2 aa 63 da 4e 06 a6 53 04 39 ba 6c b8 41 73 07 5d 95 da 1e c3 2d 3b 54 b6 8e 4a d9 c1 b1 cd e2 56 7f 24 d0 34 79 c7 cd cb 5c e8 3a 5b 6f 1f 72 bb 81 c5 b7 14 d0 ed 08 30 e1 f7 5d 1a 7c ea 14 54 d0 1f e6 c9 fc 4f 43 85 e8 f3 a7 f0 9f 35 6a 9d 20 da a2 a6 a6 6f de ab d1 68 02 a7 6b 5d e6 83 2b 17 4c d5 a1 94 7f e4 a7 fd 4a f0 ac d0 69 b0 9b b8 54 02 4e e2 2d f3 bb b5 04 06 d1 7f 16 7f 52 0a cc f4 2f 8b 0e 73 da 5a 82 dd 5b d4 27 79 72 9f b1 4b 8f f5 28 ad e9 1d c4 a2 fb 14 fd 6f ea 40 ac d1 4c ef 2e f8 2c 8e 5c
                                                Data Ascii: @^%QR*iRhh-M*`nTf'?G,$BK\-:[PkZcNS9lAs]-;TJV$4y\:[or0]|TOC5j ohk]+LJiTN-R/sZ['yrK(o@L.,\
                                                2025-04-02 10:51:07 UTC16384INData Raw: fc 7d c8 2a d8 fe 66 29 6c 73 8f e3 ee 4b ac 40 3d ec 51 57 29 75 87 7a a0 1a d1 5c bd e4 35 81 b9 64 90 2f 33 17 57 a8 c6 61 75 83 8e 73 5b 58 9d b0 a4 1a b5 dc da 98 49 04 65 24 dc 5c 6d 54 db 88 c3 b1 ad a2 d0 e7 18 ca 09 80 2f ed 46 d7 4f 26 07 4f df f3 72 c7 a5 7a 8c be d0 8b a6 b6 3a bb a8 bd ae 66 51 23 52 d0 48 e1 29 fc 93 88 75 76 d5 2f 71 74 06 ea 77 e6 54 b9 50 66 73 44 ec f7 05 6f 91 e8 d4 a4 ca b9 c1 12 1b 12 3d 64 b0 8c 8a f0 d7 b8 0b 1c c5 6a d2 13 c9 ec 9f c7 e6 e4 9f f0 ea b5 5e 5c 04 49 3a db f7 5a 74 f0 47 e8 ed a0 48 04 66 b8 be a4 fc 52 8f 2f cc 93 bf 45 af 8b 64 e1 e2 62 5d f0 56 c6 1b 07 48 e5 aa f1 3f 89 e1 a8 99 88 a3 87 61 75 52 00 cc 60 c1 3a 20 c9 c2 e0 5e 6a b1 cd 04 80 e6 93 02 d6 2b 63 1f 85 75 78 0d 12 2d b9 70 e5 36 3d c1
                                                Data Ascii: }*f)lsK@=QW)uz\5d/3Waus[XIe$\mT/FO&Orz:fQ#RH)uv/qtwTPfsDo=dj^\I:ZtGHfR/Edb]VH?auR`: ^j+cux-p6=
                                                2025-04-02 10:51:07 UTC8048INData Raw: 34 cc 45 e5 66 d5 d2 c6 0a b8 a1 52 a8 74 dd c0 5b bd 68 d5 a8 1f 44 41 da 7d e9 14 70 f4 99 a3 47 7d fc d5 81 61 10 a4 5a cc c3 55 7d 1a 4d 80 60 17 12 03 49 3a a6 62 83 aa d0 76 50 4b 89 26 00 bd e1 69 5f 39 20 44 85 02 b0 60 32 40 e2 40 41 97 86 0e 6b 98 e3 4d fd 17 12 6d bf e0 ad 72 93 4e 21 a5 8c b9 b6 c3 b0 ca 63 f1 74 da d3 f5 8c 9f 5c 24 bb 1b 87 69 f4 80 eb a4 95 4d 07 0b 4a ab 32 b9 c2 40 74 f6 ea 9d 8e a2 ec 53 4b 59 69 03 5f d9 07 f8 96 19 ad 8c c4 f0 61 41 fe 2d 87 07 47 1e e1 f1 40 da c1 d4 46 77 09 1d 9d aa b6 22 b6 66 ba 99 16 92 26 7b 50 62 79 5a 9d 51 01 a4 77 85 49 f8 d6 ba 60 6a 67 55 3a 55 ca 27 9b 66 50 0d 8d ba 5a 71 df ee 56 4e 24 be 93 58 47 54 44 ce ab 23 e9 c4 68 3c d4 1c 73 f6 01 e1 fb ab d2 76 6f d0 5a e1 0e 75 e5 5f c1 b9 b8
                                                Data Ascii: 4EfRt[hDA}pG}aZU}M`I:bvPK&i_9 D`2@@AkMmrN!ct\$iMJ2@tSKYi_aA-G@Fw"f&{PbyZQwI`jgU:U'fPZqVN$XGTD#h<svoZu_


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                11192.168.2.84972840.126.24.814435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:07 UTC3539OUTPOST /common/instrumentation/dssostatus HTTP/1.1
                                                Host: login.microsoftonline.com
                                                Connection: keep-alive
                                                Content-Length: 67
                                                sec-ch-ua-platform: "Windows"
                                                hpgid: 1104
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                hpgact: 1800
                                                canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEmw4KBqIu9i6dC9o_6efAj_ux_wwsQa-oC0Lal3_3kKzHeKrQX2vW3-WII8N88QvFzVMbs3Jx6_nF6f2ZsanxUVUg5hU8oiLiSw9jIy13X4qd6zDJGOy0wxsuDPb8Fq1QQWv6pCsCszoe-JGs3y7k5raRm2fDz83CB-MMA0z27y5i-jDcFNgjId-60800chS5koc1Wh97apYAD0AYvEQk7CAA
                                                sec-ch-ua-mobile: ?0
                                                client-request-id: 21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: application/json
                                                hpgrequestid: 72ed7ed3-75ea-4739-8f69-285087861100
                                                Content-type: application/json; charset=UTF-8
                                                Origin: https://login.microsoftonline.com
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAee [TRUNCATED]
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
                                                2025-04-02 10:51:07 UTC67OUTData Raw: 7b 22 72 65 73 75 6c 74 43 6f 64 65 22 3a 32 2c 22 73 73 6f 44 65 6c 61 79 22 3a 30 2c 22 6c 6f 67 22 3a 22 50 72 6f 62 65 20 69 6d 61 67 65 20 65 72 72 6f 72 20 65 76 65 6e 74 20 66 69 72 65 64 22 7d
                                                Data Ascii: {"resultCode":2,"ssoDelay":0,"log":"Probe image error event fired"}
                                                2025-04-02 10:51:07 UTC1777INHTTP/1.1 200 OK
                                                Cache-Control: no-store, no-cache
                                                Pragma: no-cache
                                                Content-Type: application/json; charset=utf-8
                                                Expires: -1
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                X-Content-Type-Options: nosniff
                                                Access-Control-Allow-Origin: https://autologon.microsoftazuread-sso.com/
                                                Access-Control-Allow-Credentials: true
                                                Access-Control-Allow-Methods: POST, OPTIONS
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                client-request-id: 21dbc2b4-3cbc-41ed-9f3c-0dbc75fc0c8f
                                                x-ms-request-id: abc15bb6-ee17-4ee6-a521-229eadfd3f00
                                                x-ms-ests-server: 2.1.20393.4 - SEC ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                x-ms-srs: 1.P
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-aQ_O8VtVpSrIFRIShLskuA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; expires=Fri, 02-May-2025 10:51:07 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Date: Wed, 02 Apr 2025 10:51:07 GMT
                                                Connection: close
                                                Content-Length: 265
                                                2025-04-02 10:51:07 UTC265INData Raw: 7b 22 61 70 69 43 61 6e 61 72 79 22 3a 22 50 41 51 41 42 44 67 45 41 41 41 42 56 72 53 70 65 75 57 61 6d 52 61 6d 32 6a 41 46 31 58 52 51 45 57 35 61 5f 75 58 78 67 36 65 73 5f 30 37 77 6a 45 72 48 72 57 64 69 33 46 33 58 66 54 7a 59 6c 63 39 73 34 5a 45 35 68 64 58 31 50 50 49 73 32 78 47 70 63 2d 37 68 43 62 4d 35 72 50 4c 63 58 32 35 63 43 52 5f 57 55 61 63 39 6d 61 42 4e 66 4c 4a 6a 63 47 48 67 49 42 4d 7a 59 46 50 55 59 70 45 31 30 63 75 71 39 67 67 2d 35 6c 4f 59 55 63 38 66 6c 4f 48 54 33 52 57 6e 43 50 79 63 59 70 38 4b 7a 33 62 58 4d 66 39 46 55 51 47 76 79 4b 78 5f 50 53 79 7a 51 33 57 72 6d 72 4a 6b 45 37 56 44 6f 38 54 4b 4a 33 6f 6a 4d 34 4f 32 65 64 68 4a 36 6c 79 36 4e 34 4a 59 4f 34 63 75 69 67 31 6c 48 43 4e 66 57 72 31 4d 57 61 76 6c 74
                                                Data Ascii: {"apiCanary":"PAQABDgEAAABVrSpeuWamRam2jAF1XRQEW5a_uXxg6es_07wjErHrWdi3F3XfTzYlc9s4ZE5hdX1PPIs2xGpc-7hCbM5rPLcX25cCR_WUac9maBNfLJjcGHgIBMzYFPUYpE10cuq9gg-5lOYUc8flOHT3RWnCPycYp8Kz3bXMf9FUQGvyKx_PSyzQ3WrmrJkE7VDo8TKJ3ojM4O2edhJ6ly6N4JYO4cuig1lHCNfWr1MWavlt


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                12192.168.2.84973023.209.72.94435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:07 UTC740OUTGET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1
                                                Host: aadcdn.msauthimages.net
                                                Connection: keep-alive
                                                sec-ch-ua-platform: "Windows"
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Sec-Fetch-Storage-Access: active
                                                Referer: https://login.microsoftonline.com/
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:51:08 UTC710INHTTP/1.1 200 OK
                                                Content-Length: 2889
                                                Content-Type: image/*
                                                Content-MD5: Qjs3EBxwwYY/jZl9ZGzF7w==
                                                Last-Modified: Thu, 27 Jul 2023 13:41:16 GMT
                                                ETag: 0x8DB8EA726C19FEF
                                                x-ms-request-id: 9ccdcf94-d01e-0060-66fc-676910000000
                                                x-ms-version: 2009-09-19
                                                x-ms-lease-status: unlocked
                                                x-ms-blob-type: BlockBlob
                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: public, max-age=86341
                                                Date: Wed, 02 Apr 2025 10:51:08 GMT
                                                Connection: close
                                                X-Content-Type-Options: nosniff
                                                Akamai-GRN: 0.8904d217.1743591068.2d52289
                                                2025-04-02 10:51:08 UTC2889INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 18 00 00 00 3c 08 06 00 00 00 bd c4 a5 18 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a fb 49 44 41 54 78 9c ed 9d 3d 6f 63 c7 15 86 87 ab d8 f0 da 06 28 03 46 dc c4 58 19 10 b0 c1 6d 48 57 29 52 2c f7 b6 2e 4c 35 42 ba a5 7e 41 b8 3f e0 42 5c 10 69 13 aa 49 15 c0 54 e7 a8 21 dd 04 09 82 d0 24 90 da 2b 36 44 82 10 b1 54 c5 71 9c 44 44 04 ac 15 87 62 30 dc 77 b4 23 f2 de f9 ba 9f 92 ce 03 10 ab 15 2f c9 c3 11 e7 e5 99 73 ce 9c 29 2d 16 0b 46 10 04 91 06 f7 68 54 09 82 48 0b 12 18 82 20 52 e3 7b 69 0f ad e7 07 55 c6 d8 16 63 ac 8a 5f d5 56 2e 39 66 8c 9d 31 c6 4e f8 6d 32 68 0f f3 fc 73 cf 76 b7 37 61 ab b0 73 0b 37 19 61 e3 d2 e6 f2 d1 34 37 9b 3d 3f 10 f6 a9 ec 15 63 7c 86
                                                Data Ascii: PNGIHDR<pHYs~IDATx=oc(FXmHW)R,.L5B~A?B\iIT!$+6DTqDDb0w#/s)-FhTH R{iUc_V.9f1Nm2hsv7as7a47=?c|


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                13192.168.2.84973423.209.72.94435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:08 UTC494OUTGET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1
                                                Host: aadcdn.msauthimages.net
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Sec-Fetch-Storage-Access: active
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                2025-04-02 10:51:09 UTC710INHTTP/1.1 200 OK
                                                Content-Length: 2889
                                                Content-Type: image/*
                                                Content-MD5: Qjs3EBxwwYY/jZl9ZGzF7w==
                                                Last-Modified: Thu, 27 Jul 2023 13:41:16 GMT
                                                ETag: 0x8DB8EA726C19FEF
                                                x-ms-request-id: 9ccdcf94-d01e-0060-66fc-676910000000
                                                x-ms-version: 2009-09-19
                                                x-ms-lease-status: unlocked
                                                x-ms-blob-type: BlockBlob
                                                Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: public, max-age=86340
                                                Date: Wed, 02 Apr 2025 10:51:09 GMT
                                                Connection: close
                                                X-Content-Type-Options: nosniff
                                                Akamai-GRN: 0.8904d217.1743591069.2d5233d
                                                2025-04-02 10:51:09 UTC2889INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 18 00 00 00 3c 08 06 00 00 00 bd c4 a5 18 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a fb 49 44 41 54 78 9c ed 9d 3d 6f 63 c7 15 86 87 ab d8 f0 da 06 28 03 46 dc c4 58 19 10 b0 c1 6d 48 57 29 52 2c f7 b6 2e 4c 35 42 ba a5 7e 41 b8 3f e0 42 5c 10 69 13 aa 49 15 c0 54 e7 a8 21 dd 04 09 82 d0 24 90 da 2b 36 44 82 10 b1 54 c5 71 9c 44 44 04 ac 15 87 62 30 dc 77 b4 23 f2 de f9 ba 9f 92 ce 03 10 ab 15 2f c9 c3 11 e7 e5 99 73 ce 9c 29 2d 16 0b 46 10 04 91 06 f7 68 54 09 82 48 0b 12 18 82 20 52 e3 7b 69 0f ad e7 07 55 c6 d8 16 63 ac 8a 5f d5 56 2e 39 66 8c 9d 31 c6 4e f8 6d 32 68 0f f3 fc 73 cf 76 b7 37 61 ab b0 73 0b 37 19 61 e3 d2 e6 f2 d1 34 37 9b 3d 3f 10 f6 a9 ec 15 63 7c 86
                                                Data Ascii: PNGIHDR<pHYs~IDATx=oc(FXmHW)R,.L5B~A?B\iIT!$+6DTqDDb0w#/s)-FhTH R{iUc_V.9f1Nm2hsv7as7a47=?c|


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                14192.168.2.84973240.126.24.1464435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:08 UTC1559OUTGET /common/instrumentation/dssostatus HTTP/1.1
                                                Host: login.microsoftonline.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Sec-Fetch-Storage-Access: active
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
                                                2025-04-02 10:51:09 UTC1723INHTTP/1.1 200 OK
                                                Cache-Control: no-store, no-cache
                                                Pragma: no-cache
                                                Content-Type: application/json; charset=utf-8
                                                Expires: -1
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                X-Content-Type-Options: nosniff
                                                Access-Control-Allow-Origin: https://autologon.microsoftazuread-sso.com/
                                                Access-Control-Allow-Credentials: true
                                                Access-Control-Allow-Methods: POST, OPTIONS
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                x-ms-request-id: 543be60d-f813-4ba1-abf1-0eadd35f2b00
                                                x-ms-ests-server: 2.1.20393.4 - NEULR1 ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                x-ms-srs: 1.P
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-R1zpBnStH3H13d78X_YgAg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; expires=Fri, 02-May-2025 10:51:09 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Date: Wed, 02 Apr 2025 10:51:09 GMT
                                                Connection: close
                                                Content-Length: 164
                                                2025-04-02 10:51:09 UTC164INData Raw: 7b 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 36 31 30 30 2c 22 73 74 73 45 72 72 6f 72 22 3a 22 41 41 44 53 54 53 39 30 30 35 36 31 22 2c 22 63 6f 72 72 65 6c 61 74 69 6f 6e 49 64 22 3a 22 36 32 37 66 66 62 63 36 2d 39 39 35 32 2d 34 66 61 30 2d 61 65 39 39 2d 39 39 65 62 65 31 34 33 36 66 64 34 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 35 2d 30 34 2d 30 32 20 31 30 3a 35 31 3a 30 39 5a 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 41 41 44 53 54 53 39 30 30 35 36 31 22 7d 7d
                                                Data Ascii: {"error":{"code":6100,"stsError":"AADSTS900561","correlationId":"627ffbc6-9952-4fa0-ae99-99ebe1436fd4","timestamp":"2025-04-02 10:51:09Z","message":"AADSTS900561"}}


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                15192.168.2.84974140.126.24.814435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:19 UTC3540OUTPOST /99d20d2d-8923-45d8-b9ad-5038c97582e3/login HTTP/1.1
                                                Host: login.microsoftonline.com
                                                Connection: keep-alive
                                                Content-Length: 2704
                                                Cache-Control: max-age=0
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Origin: https://login.microsoftonline.com
                                                Content-Type: application/x-www-form-urlencoded
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DYVtkRE25M_ZZDf-6T1FR4Yjad5bP-n_eTJ0M3Ae5TM_ESKltd-CCbdWJ5QBzZZRqjqgES7faEbgOA470JRH40urpDLxRk9jv7pHNUvOy7FIQ-qj99l3YP4qDk-aV7ypiE1bX5Z3_qMwzUSwBLSAF7y2eec0Vs4WMITSLI5EJDJg3xXKZOzflXWCraNZ9ACKMuf8huqjYmj8kbXWG9SmWc3k3cSMCA0oWf51Q7XpKvhXHHxICZNIrNFLkGoxxD43lEV0cL__CNYO9cOaZpvPtkcTjA85n2YXNLIqnfPj5s5rdm4j08Own3syhiJTuZ7cVRfwoYn_sbSDPb_dYKmbyFppdsepWsT8b6F9eDoqOkY7GI8Ci18OdOPHclNSEL8CZgRwOy8dPCXr25SoLIalM5OtYaC2SOXVEFj8CIVINqJNUFT00HxZlfJLniduCQU-6uyFXc4Mrwl-YB874rnfxNt6jubtFeOE524JAYqT4-ZIayrn6_5rsyHshb14VgRZe0YO338whIaQkZ0UrFzaJ1tZ1S64OKSnlAF7270LQovRa5nu87XnaWHUd0UVjDsuPLbQ9lsksU6SkbdFfV323kUU5SJjKKoutvG8bMifAbBvxG-D--FZPCUP3G3TtQV8xJw7SNfvNa1LpmVBPfL7vMdRoj02lDSr_Oh-o04T-Jvz6xUPEarg7Vc5AF6OlvFELymZAeBDh4oZoK66U7JrX2CMdpIxAee [TRUNCATED]
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEM1kRqPCWGklqdgKVcFpG6xOqvGSQ8VnndyyZDp3Ijx6uKc9gDJ9FZkTOfcf7WlLe3p99zNDX13sd2UmVgupCuqIbSfLSU4INPkVg-ANwGeogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEZRSTBWPhrKD6uw87ZeI86m76ZMdE8fdTWu2QDl4s9yDU1M5lH3LmgkKSdv96zDwzexqiy53kXe-X_0VD-v5sebrP_8ERsopdI44kiamRRVgDk8naUCvx0GJzGUiz9Mj7B5AF0UXTqQbXtALEo7WR636sUC7IhWsogHl8Ic3TuUAgAA; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
                                                2025-04-02 10:51:19 UTC2704OUTData Raw: 69 31 33 3d 30 26 6c 6f 67 69 6e 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 6c 6f 67 69 6e 66 6d 74 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 74 79 70 65 3d 31 31 26 4c 6f 67 69 6e 4f 70 74 69 6f 6e 73 3d 33 26 6c 72 74 3d 26 6c 72 74 50 61 72 74 69 74 69 6f 6e 3d 26 68 69 73 52 65 67 69 6f 6e 3d 26 68 69 73 53 63 61 6c 65 55 6e 69 74 3d 26 70 61 73 73 77 64 3d 67 39 38 76 25 37 44 74 25 34 30 51 58 6a 54 58 57 25 37 44 25 34 30 33 26 70 73 3d 32 26 70 73 52 4e 47 43 44 65 66 61 75 6c 74 54 79 70 65 3d 26 70 73 52 4e 47 43 45 6e 74 72 6f 70 79 3d 26 70 73 52 4e 47 43 53 4c 4b 3d 26 63 61 6e 61 72 79 3d 4b 38 64 4f 7a 45 64 6b 4c 74 47 49 63 7a 6f 51 55 35 38 34 46 30
                                                Data Ascii: i13=0&login=richard.parkinson%40ocs.com&loginfmt=richard.parkinson%40ocs.com&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd=g98v%7Dt%40QXjTXW%7D%403&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=K8dOzEdkLtGIczoQU584F0
                                                2025-04-02 10:51:20 UTC2809INHTTP/1.1 200 OK
                                                Cache-Control: no-store, no-cache
                                                Pragma: no-cache
                                                Content-Type: text/html; charset=utf-8
                                                Expires: -1
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: DENY
                                                Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
                                                X-DNS-Prefetch-Control: on
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                x-ms-request-id: 7276260c-6207-4d3e-94cd-6c795ecd3700
                                                x-ms-ests-server: 2.1.20393.4 - FRC ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                x-ms-srs: 1.P
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-dRZqo7SNs7fqUVk4UCA57g' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                Set-Cookie: esctx-LHGHrFTK27M=; domain=.login.microsoftonline.com; expires=Tue, 01-Apr-2025 10:51:19 GMT; path=/; SameSite=None
                                                Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEaqYnEE_NH-NiOYYxwtyEZbc5KyEsP9oPnfpxunSUeJQc0WqE8nuffE5EnS2WDfF5pJXMKjRPp8x_6VAOoOmTHj6Yzn7DJVR9XFjhCymUM6wgAA; expires=Fri, 02-May-2025 10:51:20 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEi3MkOUIQ2Fw79jfrIoXX6UNhMXAclAKQsHOf0CORWtc7S4FxSR7tZJuOABST9OyOwJ0UTI4sepbX41fLcMlq-QIxi3gOAJ2bW_rDQc3T9O-9cT6Mu8cGNHZ55n3BF8LliKeGdDKUt3IqQVS0id35PJgpbcmnsEn6G7XQE4SmioIgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: esctx-x5LoupbTc5Y=AQABCQEAAABVrSpeuWamRam2jAF1XRQEOLlevFSddZD8XtHHmuEG9WPLxXL3hdqJM6J7XA0kTM-z9J-H76fIWyTOaB1KMpDB63DW_PtI_C1kB13ludzLmtXk-PIa9H0355qDQ1bQCEFxzaTwSnFt4FCYXmYGPyaz3bPO5xT8cwyz_L3gPrrTFSAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAALGRsDAEAAACnDX_fDgAAAA; expires=Fri, 02-May-2025 10:51:20 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Date: Wed, 02 Apr 2025 10:51:20 GMT
                                                Connection: close
                                                Content-Length: 56795
                                                2025-04-02 10:51:20 UTC13575INData Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20
                                                Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                                                2025-04-02 10:51:20 UTC16384INData Raw: 69 4b 49 34 45 5a 77 32 56 55 52 46 31 49 71 69 4f 36 36 4b 67 67 69 72 59 4b 4b 43 79 6c 55 70 4b 73 75 52 4a 79 4b 62 6f 53 69 6d 77 4d 48 50 73 34 35 66 42 5f 6e 64 5f 49 34 58 51 49 6c 74 41 52 65 32 45 52 4c 36 50 35 46 53 4a 4b 41 41 4e 42 47 49 47 48 68 43 43 51 70 69 4a 67 55 59 42 41 4b 5a 51 6a 55 4a 43 31 41 6b 58 6a 36 31 4d 6e 64 54 37 2d 38 65 2d 48 6d 35 66 76 73 52 35 64 50 33 5a 7a 2d 5f 75 54 56 61 38 58 6e 68 33 6d 65 5a 50 74 37 65 33 34 30 38 33 4d 7a 39 2d 4d 6f 4b 34 31 39 4f 34 32 7a 32 4d 74 4c 64 6a 7a 65 2d 36 78 59 76 46 30 73 5f 6c 49 73 76 72 4f 78 68 51 49 63 66 32 5f 6a 58 4f 72 62 51 7a 4e 31 53 6f 6d 5a 6a 76 77 6f 69 36 4e 58 59 6a 74 37 4a 4c 36 32 63 52 46 6e 50 4e 77 6a 4d 51 77 42 44 6b 55 68 30 4d 5a 4d 78 45 4c 52
                                                Data Ascii: iKI4EZw2VURF1IqiO66KggirYKKCylUpKsuRJyKboSimwMHPs45fB_nd_I4XQIltARe2ERL6P5FSJKAANBGIGHhCCQpiJgUYBAKZQjUJC1AkXj61MndT7-8e-Hm5fvsR5dP3Zz-_uTVa8Xnh3meZPt7e34083Mz9-MoK419O42z2MtLdjze-6xYvF0s_lIsvrOxhQIcf2_jXOrbQzN1SomZjvwoi6NXYjt7JL62cRFnPNwjMQwBDkUh0MZMxELR
                                                2025-04-02 10:51:20 UTC16384INData Raw: 74 48 4f 6c 54 78 30 78 33 62 75 31 54 49 37 6e 34 52 4a 6b 53 5a 76 70 57 37 78 37 50 6a 4f 7a 6e 57 63 43 66 43 41 78 44 41 45 65 42 53 46 51 42 65 7a 45 51 64 46 74 34 4a 49 41 73 55 44 7a 33 4d 59 33 48 6d 77 63 30 6c 6c 35 2d 55 59 65 7a 62 53 50 4e 7a 34 54 33 62 4f 42 57 6b 2d 74 62 4b 30 4b 44 5f 65 5f 57 70 66 7a 66 78 45 38 72 67 30 53 58 79 33 72 44 30 37 38 35 4d 79 64 50 38 53 32 4d 6e 54 7a 4d 5f 4c 30 43 39 75 6a 66 72 6c 52 42 4d 77 6f 6d 57 5a 4a 68 38 67 5a 41 38 56 4e 54 69 4b 62 49 39 77 4f 6b 68 69 2d 54 30 5a 74 48 44 57 4a 33 6f 74 53 39 43 62 63 65 6b 68 48 4f 64 34 41 35 6e 6f 6e 6d 78 4d 55 35 74 46 73 31 4e 42 70 77 4a 62 63 45 35 56 46 6c 4a 41 31 68 6f 51 7a 50 4f 4d 56 31 62 61 68 49 6b 57 56 4e 5a 6f 47 77 74 31 54 59 6c 53
                                                Data Ascii: tHOlTx0x3bu1TI7n4RJkSZvpW7x7PjOznWcCfCAxDAEeBSFQBezEQdFt4JIAsUDz3MY3Hmwc0ll5-UYezbSPNz4T3bOBWk-tbK0KD_e_WpfzfxE8rg0SXy3rD0785MydP8S2MnTzM_L0C9ujfrlRBMwomWZJh8gZA8VNTiKbI9wOkhi-T0ZtHDWJ3otS9CbcekhHOd4A5nonmxMU5tFs1NBpwJbcE5VFlJA1hoQzPOMV1bahIkWVNZoGwt1TYlS
                                                2025-04-02 10:51:20 UTC10452INData Raw: 62 73 74 72 69 6e 67 28 74 5b 6e 5d 2e 6c 65 6e 67 74 68 29 3b 72 65 74 75 72 6e 22 68 74 74 70 73 3a 2f 2f 22 21 3d 3d 74 5b 6e 5d 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 26 26 28 6f 3d 22 68 74 74 70 73 3a 2f 2f 22 2b 6f 2c 69 3d 69 2e 73 75 62 73 74 72 69 6e 67 28 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 29 2c 6f 2b 69 7d 7d 72 65 74 75 72 6e 20 72 7d 69 66 28 21 28 62 26 26 62 2e 6c 65 6e 67 74 68 3e 31 29 29 7b 72 65 74 75 72 6e 20 72 7d 66 6f 72 28 76 61 72 20 61 3d 30 3b 61 3c 62 2e 6c 65 6e 67 74 68 3b 61 2b 2b 29 7b 69 66 28 30 3d 3d 3d 72 2e 69 6e 64 65 78 4f 66 28 62 5b 61 5d 29 29 7b 72 65 74 75 72 6e 20 62 5b 61 2b 31 3c 62 2e 6c 65 6e 67 74 68 3f 61 2b 31 3a 30 5d 2b 72 2e 73
                                                Data Ascii: bstring(t[n].length);return"https://"!==t[n].substring(0,"https://".length)&&(o="https://"+o,i=i.substring("https://".length)),o+i}}return r}if(!(b&&b.length>1)){return r}for(var a=0;a<b.length;a++){if(0===r.indexOf(b[a])){return b[a+1<b.length?a+1:0]+r.s


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                16192.168.2.84974040.126.24.814435832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-04-02 10:51:57 UTC2414OUTPOST /99d20d2d-8923-45d8-b9ad-5038c97582e3/login HTTP/1.1
                                                Host: login.microsoftonline.com
                                                Connection: keep-alive
                                                Content-Length: 2797
                                                Cache-Control: max-age=0
                                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Origin: https://login.microsoftonline.com
                                                Content-Type: application/x-www-form-urlencoded
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login
                                                Accept-Encoding: gzip, deflate, br, zstd
                                                Accept-Language: en-US,en;q=0.9
                                                Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-L7lu82brbzg=AQABCQEAAABVrSpeuWamRam2jAF1XRQER2jqJRhygbI5Oml3fpaSIxJKuAXHcLTwnGxfA1pQTXkhODjKTuq2i6I9fOBAXu-JTdyBr8r5zghTvxww91ERqPLxMHRXxPtrQAaa_-0IN1vws-SdaWt06UCA7jjQui6d_RpVk5yeK5GGtMmjTfWTASAA; AADSSO=NA|NoExtension; esctx-LHGHrFTK27M=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmy29c6S1dqJJ9R-MeWfQ21ZG6zzWiCgQedp0UfQOI-1mlzlaqzrNzJ-WD8Q4PqDIxHkHxY7XhODkWJLKiJEY_TKGvjIJrdntiQiwjxrY4jHYVHoDikH7zA7ouwXCDkdpZN7zQOTqqyG4QRElivIbRCAA; MicrosoftApplicationsTelemetryDeviceId=787c672d-e892-42a7-b382-264c5337ed25; brcap=0; ai_session=GvHwnIkYwdWfKYlFoy6qyo|1743591065117|1743591065117; MSFPC=GUID=6acfc41a739d4a019088af90f9bc58c0&HASH=6acf&LV=202504&V=4&LU=1743591072024; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEaqYnEE_NH-NiOYYxwtyEZbc5KyEsP9oPnfpxunSUeJQc0WqE8nuffE5EnS2WDfF5pJXMKjRPp8x_6VAOoOmTHj6Yzn7DJVR9XFjhCymUM6wgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEi3MkOUIQ2Fw79jfrIoXX6UNhMXAclAKQsHOf0CORWtc7S4 [TRUNCATED]
                                                2025-04-02 10:51:57 UTC2797OUTData Raw: 69 31 33 3d 30 26 6c 6f 67 69 6e 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 6c 6f 67 69 6e 66 6d 74 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 74 79 70 65 3d 31 31 26 4c 6f 67 69 6e 4f 70 74 69 6f 6e 73 3d 33 26 6c 72 74 3d 26 6c 72 74 50 61 72 74 69 74 69 6f 6e 3d 26 68 69 73 52 65 67 69 6f 6e 3d 26 68 69 73 53 63 61 6c 65 55 6e 69 74 3d 26 70 61 73 73 77 64 3d 62 25 33 43 56 66 55 67 41 6a 34 66 38 7a 54 74 6a 5f 26 70 73 3d 32 26 70 73 52 4e 47 43 44 65 66 61 75 6c 74 54 79 70 65 3d 26 70 73 52 4e 47 43 45 6e 74 72 6f 70 79 3d 26 70 73 52 4e 47 43 53 4c 4b 3d 26 63 61 6e 61 72 79 3d 4b 38 64 4f 7a 45 64 6b 4c 74 47 49 63 7a 6f 51 55 35 38 34 46 30 4a 44 39 63 6f 71
                                                Data Ascii: i13=0&login=richard.parkinson%40ocs.com&loginfmt=richard.parkinson%40ocs.com&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd=b%3CVfUgAj4f8zTtj_&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=K8dOzEdkLtGIczoQU584F0JD9coq
                                                2025-04-02 10:51:58 UTC2809INHTTP/1.1 200 OK
                                                Cache-Control: no-store, no-cache
                                                Pragma: no-cache
                                                Content-Type: text/html; charset=utf-8
                                                Expires: -1
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: DENY
                                                Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
                                                X-DNS-Prefetch-Control: on
                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                x-ms-request-id: 6191cd63-31df-45b1-bcd4-d78260973b00
                                                x-ms-ests-server: 2.1.20393.4 - SEC ProdSlices
                                                report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                                nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                x-ms-srs: 1.P
                                                Referrer-Policy: strict-origin-when-cross-origin
                                                Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-rg20_T9NBeO1r9siVqK6Ig' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                                X-XSS-Protection: 0
                                                Set-Cookie: esctx-x5LoupbTc5Y=; domain=.login.microsoftonline.com; expires=Tue, 01-Apr-2025 10:51:57 GMT; path=/; SameSite=None
                                                Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEi40WsKJiD4u_BOywE9-f2fzCx8JrIdJfRQd8qDkutWBt5u41ZlDnuJJtk1BF5hGmegakSm4axqsRcodnbvNQ116Yt8L17Hwq6DKA-E0U4u8gAA; expires=Fri, 02-May-2025 10:51:57 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEerYQadUuafcA4i_NIyhRMsJTiKlD0o6D92rBtgd4tfo-xUnkCu_bzDX7v3Gcp4PIgEYw_g9P9VhcMjIOlQEHxXituxkQDjE6L_5pAmdaWumUJLBDaBN5pCRt7yT-tJw44qf-YVEhkwMvjIj1OlekUNCRo2lVHw2V9tpJZXgzQBggAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: esctx-OpcxbYD5Hq8=AQABCQEAAABVrSpeuWamRam2jAF1XRQEVbJ8DAeNnvsLUkv_WQMH9wzCkZl2OA0eq-7Ip-xTMrczgjflVXr4c-UJw_XfnJdJWuozg4-I21hOQKLkqwQN3VURHen2suA-UEOcypQK1M3Ln8IFRDIDTZf_55QW9B8fVLTcmYwNZReJ0FHaD2ykRiAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: fpc=AvDAnQt0nJlPrSSx6rgg6P6S0IzrAQAAAJENf98OAAAALGRsDAIAAACnDX_fDgAAAA; expires=Fri, 02-May-2025 10:51:58 GMT; path=/; secure; HttpOnly; SameSite=None
                                                Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                                Date: Wed, 02 Apr 2025 10:51:58 GMT
                                                Connection: close
                                                Content-Length: 56761
                                                2025-04-02 10:51:58 UTC13575INData Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20
                                                Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                                                2025-04-02 10:51:58 UTC16384INData Raw: 51 76 66 56 55 45 45 52 61 42 52 55 50 55 71 68 49 54 7a 32 49 4f 42 57 39 43 45 55 76 48 33 7a 77 35 5f 73 2d 5f 6e 2d 2d 33 2d 6d 54 5a 41 32 73 51 54 58 77 78 55 32 6f 42 68 31 63 52 48 45 63 78 45 44 55 42 6c 44 4d 51 67 41 55 4a 31 44 41 4a 45 41 4b 49 43 41 4b 67 30 7a 63 41 67 6b 63 79 5a 34 2d 76 66 76 70 6c 33 63 76 33 4c 78 38 76 5f 37 52 35 54 4d 33 79 39 2d 66 76 48 71 74 2d 73 4b 34 4b 4e 4c 38 59 48 5f 66 6a 32 64 2d 59 52 5a 2d 45 75 65 31 69 57 39 6e 53 5a 35 34 52 63 31 4f 4a 76 75 66 56 61 75 33 71 39 56 66 71 74 56 33 4e 72 59 67 45 45 48 65 32 7a 69 66 2d 66 62 59 7a 4a 78 61 61 6d 61 68 48 2d 64 4a 5f 45 70 69 35 34 5f 45 31 7a 59 75 49 70 53 48 65 44 67 4d 41 36 42 44 45 41 42 71 77 79 5a 67 51 64 44 36 49 42 79 44 45 4d 39 78 4c 41
                                                Data Ascii: QvfVUEERaBRUPUqhITz2IOBW9CEUvH3zw5_s-_n--3-mTZA2sQTXwxU2oBh1cRHEcxEDUBlDMQgAUJ1DAJEAKICAKg0zcAgkcyZ4-vfvpl3cv3Lx8v_7R5TM3y9-fvHqt-sK4KNL8YH_fj2d-YRZ-Eue1iW9nSZ54Rc1OJvufVau3q9VfqtV3NrYgEEHe2zif-fbYzJxaamahH-dJ_Epi54_E1zYuIpSHeDgMA6BDEABqwyZgQdD6IByDEM9xLA
                                                2025-04-02 10:51:58 UTC16384INData Raw: 38 5a 2d 63 47 51 67 56 49 67 4d 4d 77 41 48 6f 45 41 61 41 75 62 41 4d 4f 42 47 30 46 34 52 69 45 42 4a 37 6e 55 49 6a 7a 63 4f 65 79 30 71 36 72 4b 66 78 38 5a 45 57 34 38 5a 5f 75 6e 41 2d 79 59 6d 62 6c 57 56 6c 39 73 76 76 31 6e 70 4c 37 4b 65 5f 52 57 5a 72 36 62 74 56 36 66 75 61 6e 56 65 6a 2d 4a 56 41 74 73 74 77 76 71 74 41 76 6a 79 66 44 4b 74 5a 59 47 4a 4d 73 30 32 51 43 41 42 39 41 6e 49 5a 4f 49 74 76 44 48 42 56 49 4c 58 38 67 67 42 4c 53 39 72 47 42 5a 4c 46 36 4c 36 6b 38 67 4b 59 64 62 79 52 67 5f 5a 4f 4e 61 57 72 7a 61 48 37 4b 36 6b 52 67 73 38 36 70 30 6b 59 4a 55 4e 43 36 4b 46 67 58 4f 53 4f 75 74 4a 69 4b 46 6b 54 65 6c 59 32 46 73 69 59 34 76 67 5f 4d 49 34 70 4b 6b 49 6d 4b 7a 70 6b 59 73 49 66 45 4f 67 39 5a 79 42 6c 6a 4a 6d
                                                Data Ascii: 8Z-cGQgVIgMMwAHoEAaAubAMOBG0F4RiEBJ7nUIjzcOey0q6rKfx8ZEW48Z_unA-yYmblWVl9svv1npL7Ke_RWZr6btV6fuanVej-JVAtstwvqtAvjyfDKtZYGJMs02QCAB9AnIZOItvDHBVILX8ggBLS9rGBZLF6L6k8gKYdbyRg_ZONaWrzaH7K6kRgs86p0kYJUNC6KFgXOSOutJiKFkTelY2FsiY4vg_MI4pKkImKzpkYsIfEOg9ZyBljJm
                                                2025-04-02 10:51:58 UTC10418INData Raw: 2f 2f 22 21 3d 3d 74 5b 6e 5d 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 26 26 28 6f 3d 22 68 74 74 70 73 3a 2f 2f 22 2b 6f 2c 69 3d 69 2e 73 75 62 73 74 72 69 6e 67 28 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 29 2c 6f 2b 69 7d 7d 72 65 74 75 72 6e 20 72 7d 69 66 28 21 28 62 26 26 62 2e 6c 65 6e 67 74 68 3e 31 29 29 7b 72 65 74 75 72 6e 20 72 7d 66 6f 72 28 76 61 72 20 61 3d 30 3b 61 3c 62 2e 6c 65 6e 67 74 68 3b 61 2b 2b 29 7b 69 66 28 30 3d 3d 3d 72 2e 69 6e 64 65 78 4f 66 28 62 5b 61 5d 29 29 7b 72 65 74 75 72 6e 20 62 5b 61 2b 31 3c 62 2e 6c 65 6e 67 74 68 3f 61 2b 31 3a 30 5d 2b 72 2e 73 75 62 73 74 72 69 6e 67 28 62 5b 61 5d 2e 6c 65 6e 67 74 68 29 7d 7d 72 65 74 75 72 6e 20 72 7d 66 75
                                                Data Ascii: //"!==t[n].substring(0,"https://".length)&&(o="https://"+o,i=i.substring("https://".length)),o+i}}return r}if(!(b&&b.length>1)){return r}for(var a=0;a<b.length;a++){if(0===r.indexOf(b[a])){return b[a+1<b.length?a+1:0]+r.substring(b[a].length)}}return r}fu


                                                020406080s020406080100

                                                Click to jump to process

                                                020406080s0.0050100MB

                                                Click to jump to process

                                                Target ID:0
                                                Start time:06:50:37
                                                Start date:02/04/2025
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                Imagebase:0x7ff6ba840000
                                                File size:3'388'000 bytes
                                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:false

                                                Target ID:1
                                                Start time:06:50:38
                                                Start date:02/04/2025
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2116,i,18411507413408680836,5379153762494912250,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3
                                                Imagebase:0x7ff6ba840000
                                                File size:3'388'000 bytes
                                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:false

                                                Target ID:4
                                                Start time:06:50:44
                                                Start date:02/04/2025
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0"
                                                Imagebase:0x7ff6ba840000
                                                File size:3'388'000 bytes
                                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true
                                                There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                No disassembly