Edit tour

Windows Analysis Report
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d%26ver%3d2.0

Overview

General Information

Sample URL:https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3
Analysis ID:1654629
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
Creates files inside the system directory
Deletes files inside the Windows folder
Detected hidden input values containing email addresses (often used in phishing pages)
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML title does not match URL

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64
  • chrome.exe (PID: 60 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,15854164184118796374,10831690738144022138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-04-02T13:36:05.248482+020028321801Successful Credential Theft Detected192.168.2.64974340.126.29.8443TCP
2025-04-02T13:36:32.719245+020028321801Successful Credential Theft Detected192.168.2.64974440.126.29.8443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-04-02T13:36:05.248482+020028460451Successful Credential Theft Detected192.168.2.64974340.126.29.8443TCP
2025-04-02T13:36:32.719245+020028460451Successful Credential Theft Detected192.168.2.64974440.126.29.8443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-04-02T13:36:05.248482+020028320461Successful Credential Theft Detected192.168.2.64974340.126.29.8443TCP
2025-04-02T13:36:32.719245+020028320461Successful Credential Theft Detected192.168.2.64974440.126.29.8443TCP

Click to jump to signature section

Show All Signature Results
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1L1l4zARcWfNPPW9Ju-W1F67eu2meBHrjLwxyy2iouWBtk_g&response_mode=form_post&nonce=155da9ce-6ffb-4b87-951f-01eaac26babb&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0&sso_reload=trueHTTP Parser: richard.parkinson@ocs.com
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1...HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1...HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1...HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1...HTTP Parser: No favicon
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1...HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1...HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1...HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginHTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.6:49696 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.8:443 -> 192.168.2.6:49698 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.8:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.55.235.240:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.147:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.144.137:443 -> 192.168.2.6:49738 version: TLS 1.2

Networking

barindex
Source: Network trafficSuricata IDS: 2832046 - Severity 1 - ETPRO PHISHING Successful Office 365 Phish 2018-08-01 : 192.168.2.6:49743 -> 40.126.29.8:443
Source: Network trafficSuricata IDS: 2832180 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15 : 192.168.2.6:49743 -> 40.126.29.8:443
Source: Network trafficSuricata IDS: 2846045 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15 : 192.168.2.6:49743 -> 40.126.29.8:443
Source: Network trafficSuricata IDS: 2832046 - Severity 1 - ETPRO PHISHING Successful Office 365 Phish 2018-08-01 : 192.168.2.6:49744 -> 40.126.29.8:443
Source: Network trafficSuricata IDS: 2832180 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2018-08-15 : 192.168.2.6:49744 -> 40.126.29.8:443
Source: Network trafficSuricata IDS: 2846045 - Severity 1 - ETPRO PHISHING Successful Microsoft Account Phish 2020-12-15 : 192.168.2.6:49744 -> 40.126.29.8:443
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: login.microsoftonline.com to https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&ticket=llvj1lktxcdgt1cqkcqxytimqw4wvbqixugs7dyj1la%253d&ver=2.0#
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1L1l4zARcWfNPPW9Ju-W1F67eu2meBHrjLwxyy2iouWBtk_g&response_mode=form_post&nonce=155da9ce-6ffb-4b87-951f-01eaac26babb&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; fpc=Avy6ytys1FBNgMyfsW4Njf4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEWt4v5VTK4zsyVGxpXB9w7sOINxJ0Qbwr0sm2Spz4o6XmSdaTjtgKVBUSKLIbweooEF2ET2B42YScz5pmIBmaVRtMxPW1ZNhQbgOiDMcE1gsWnJjgXUXEupfRIbzeB3ocaSAiStzy9tA12ZCMDVs6SkRULvrPAwsnY6WQO1P_X64gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global trafficHTTP traffic detected: GET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1L1l4zARcWfNPPW9Ju-W1F67eu2meBHrjLwxyy2iouWBtk_g&response_mode=form_post&nonce=155da9ce-6ffb-4b87-951f-01eaac26babb&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1L1l4zAR
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1L1l4zARcWfNPPW9Ju-W1F67eu2meBHrjLwxyy2iouWBtk_g&response_mode=form_post&nonce=155da9ce-6ffb-4b87-951f-01eaac26babb&lc=1033&login_hint=richard.parkinson%40ocs.com&invitation_username=Richard.parkinson%40ocs.com&invite_redirect_url=https%3A%2F%2Fmyapplications.microsoft.com%2F%3Ftenantid%3D99d20d2d-8923-45d8-b9ad-5038c97582e3&x-client-SKU=ID_NET462&x-client-ver=8.0.1.0Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; fpc=Avy6ytys1FBNgMyfsW4Njf4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEWt4v5VTK4zsyVGxpXB9w7sOINxJ0Qbwr0sm2Spz4o6XmSdaTjtgKVBUSKLIbweooEF2ET2B42YScz5pmIBmaVRtMxPW1ZNhQbgOiDMcE1gsWnJjgXUXEupfRIbzeB3ocaSAiStzy9tA12ZCMDVs6SkRULvrPAwsnY6WQO1P_X64gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ocs.com/winauth/ssoprobe?client-request-id=7eb4dd40-68f7-4f13-9148-1bf893d40ef2&_=1743593747980 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEmuY0-5vC_w9NR26clYF285o0trVd9MZRivWolmxHNEgRkpMQruYc3ltzKbQTQOVpyoAXPXCp-L7LMNPgosY0cYfTTAd_83wAot20S-PvfQ4gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFukXBz3aL2OxwaoHK9Chwu5eYJjZvNFHET7QU5RRhihgDXsrASeWhIuYM6IvVcqiwyQtQ7MTt0vs5J_g4CiwZpwlZEO5BEQfXhoaIn-acwd2TcJY7SlIf2jR5nHFnEM0S1RD3Qp3oyfIdgtN_4V6dYPnqn3xO-b1CG5QKH3vdpsgAA; esctx-2F38yk4vijY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE0msXXB5pQEyiomrTegvgRcZiCJUR1BMJBrXM5CTZDSvImy3KOsr6CIFRbX9Wx3wW6uLduUTvbPDdttPaK9PjF1ODOLWubSIv3afiyUmTpKogLU2VCmbpBm2depGCM3uHqHFfNF0BwmQWIo7zekKX_CAA; fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAA; MicrosoftApplicationsTelemetryDeviceId=7500d086-9144-4f6e-8e01-40b235b98a31; brcap=0; ai_session=VpJpRNoDsDV4Yd/hl2NEPA|1743593748809|1743593748809
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: login.microsoftonline.com
Source: global trafficDNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global trafficDNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: global trafficDNS traffic detected: DNS query: autologon.microsoftazuread-sso.com
Source: global trafficDNS traffic detected: DNS query: passwordreset.microsoftonline.com
Source: unknownHTTP traffic detected: POST /api/report?catId=GW+estsfd+san HTTP/1.1Host: identity.nel.measure.office.netConnection: keep-aliveContent-Length: 1797Content-Type: application/reports+jsonOrigin: https://login.microsoftonline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Content-Type-Options: nosniffP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 055d9134-fbe3-4dcd-a670-337c76724c00x-ms-ests-server: 2.1.20393.4 - SCUS ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-yOJ0f_QCpj8Z9PszkUUR1w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllX-XSS-Protection: 0Date: Wed, 02 Apr 2025 11:35:45 GMTConnection: closeContent-Length: 0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49681 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49681
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.6:49696 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.8:443 -> 192.168.2.6:49698 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.8:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.55.235.240:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.147:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.209.72.9:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.144.137:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir60_1857692882Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir60_1857692882Jump to behavior
Source: classification engineClassification label: mal48.win@23/39@20/9
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,15854164184118796374,10831690738144022138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,15854164184118796374,10831690738144022138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection
1
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer
Traffic DuplicationData Destruction
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1654629 URL: https://login.microsoftonli... Startdate: 02/04/2025 Architecture: WINDOWS Score: 48 22 Suricata IDS alerts for network traffic 2->22 6 chrome.exe 2 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.6, 138, 443, 49201 unknown unknown 6->14 11 chrome.exe 6->11         started        process5 dnsIp6 16 20.190.144.137, 443, 49738 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->16 18 autologon.microsoftazuread-sso.com 40.126.24.147, 443, 49731 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->18 20 26 other IPs or domains 11->20

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.00%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
s-part-0012.t-0009.t-msedge.net
13.107.246.40
truefalse
    high
    e329293.dscd.akamaiedge.net
    23.209.72.31
    truefalse
      high
      www.tm.f.prd.aadg.trafficmanager.net
      20.190.152.144
      truefalse
        high
        www.google.com
        142.251.40.132
        truefalse
          high
          a1894.dscb.akamai.net
          23.55.235.240
          truefalse
            high
            www.tm.a.prd.aadg.trafficmanager.net
            40.126.29.8
            truefalse
              high
              autologon.microsoftazuread-sso.com
              40.126.24.147
              truefalse
                high
                aadcdn.msauthimages.net
                unknown
                unknownfalse
                  high
                  passwordreset.microsoftonline.com
                  unknown
                  unknownfalse
                    high
                    identity.nel.measure.office.net
                    unknown
                    unknownfalse
                      high
                      aadcdn.msftauth.net
                      unknown
                      unknownfalse
                        high
                        login.microsoftonline.com
                        unknown
                        unknownfalse
                          high
                          NameMaliciousAntivirus DetectionReputation
                          https://autologon.microsoftazuread-sso.com/ocs.com/winauth/ssoprobe?client-request-id=7eb4dd40-68f7-4f13-9148-1bf893d40ef2&_=1743593747980false
                            high
                            https://login.microsoftonline.com/common/instrumentation/dssostatusfalse
                              high
                              https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bnofalse
                                high
                                https://aadcdn.msauthimages.net/c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122false
                                  high
                                  https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+sanfalse
                                    high
                                    https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274false
                                      high
                                      https://login.microsoftonline.com/favicon.icofalse
                                        high
                                        https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/loginfalse
                                          high
                                          https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638false
                                            high
                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs
                                            IPDomainCountryFlagASNASN NameMalicious
                                            40.126.29.8
                                            www.tm.a.prd.aadg.trafficmanager.netUnited States
                                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                            40.126.24.147
                                            autologon.microsoftazuread-sso.comUnited States
                                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                            23.209.72.9
                                            unknownUnited States
                                            20940AKAMAI-ASN1EUfalse
                                            142.251.40.132
                                            www.google.comUnited States
                                            15169GOOGLEUSfalse
                                            23.44.201.172
                                            unknownUnited States
                                            20940AKAMAI-ASN1EUfalse
                                            23.55.235.240
                                            a1894.dscb.akamai.netUnited States
                                            20940AKAMAI-ASN1EUfalse
                                            20.190.144.137
                                            unknownUnited States
                                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                            IP
                                            192.168.2.6
                                            192.168.2.5
                                            Joe Sandbox version:42.0.0 Malachite
                                            Analysis ID:1654629
                                            Start date and time:2025-04-02 13:34:26 +02:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 3m 26s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:browseurl.jbs
                                            Sample URL:https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d%26ver%3d2.0
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:15
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal48.win@23/39@20/9
                                            EGA Information:Failed
                                            HCA Information:
                                            • Successful, ratio: 100%
                                            • Number of executed functions: 0
                                            • Number of non-executed functions: 0
                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
                                            • Excluded IPs from analysis (whitelisted): 142.250.80.110, 142.250.80.35, 142.250.80.14, 172.253.62.84, 142.250.65.206, 142.250.81.238, 142.251.40.174, 23.219.161.71, 20.190.135.6, 20.190.135.4, 40.126.28.11, 40.126.28.22, 40.126.7.35, 20.190.135.7, 20.190.135.2, 20.190.135.17, 142.251.35.174, 142.250.64.110, 142.251.35.170, 142.251.32.106, 142.250.80.42, 142.250.80.74, 142.250.80.106, 142.251.40.202, 142.251.40.106, 142.251.40.234, 142.251.40.170, 142.251.41.10, 142.250.64.106, 142.250.176.202, 142.250.64.74, 142.251.40.138, 142.250.72.106, 142.250.80.10, 20.50.73.4, 20.50.73.13, 142.250.80.78, 142.250.65.227, 142.251.40.110, 142.250.65.174, 142.251.35.163, 184.31.69.3, 20.190.152.144, 4.175.87.197, 13.107.246.40
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtOpenFile calls found.
                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                            • VT rate limit hit for: https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0
                                            No simulations
                                            No context
                                            No context
                                            No context
                                            No context
                                            No context
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:downloaded
                                            Size (bytes):3620
                                            Entropy (8bit):6.867828878374734
                                            Encrypted:false
                                            SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                            MD5:B540A8E518037192E32C4FE58BF2DBAB
                                            SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                            SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                            SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                            Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                                            Category:downloaded
                                            Size (bytes):2889
                                            Entropy (8bit):7.904874943552236
                                            Encrypted:false
                                            SSDEEP:48:fpnlGwJJN9lgXhFZC0eenZSLiQtfg3+b075d3Yyq+zxLlcg1SMY8svVE1J:fNl3JN96XngenZSLJkW0N9nJqg0n8sti
                                            MD5:423B37101C70C1863F8D997D646CC5EF
                                            SHA1:C6F3235346DB0F75EA08EB413BA26755B3A6FB93
                                            SHA-256:490105CDBED41DD1BC413FE802DB8E2018C3AAA1C39208F34ABC4AF37F4C2226
                                            SHA-512:7AFF47E0A89844675523EA55288FBE01AE268109D83E11BD32C7DC42CA0165787FE146D5938C2599B10E04435B8C3E53F1E1683E2B603B1E2A9E52D7CE4588F6
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauthimages.net/c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122
                                            Preview:.PNG........IHDR.......<............pHYs...........~.....IDATx..=oc.........(.F..X....mHW)R,...L5B..~A.?.B\.i..I..T.!.....$..+6D...T.q.DD....b0.w.#.........../.....s.)-..F.....hT..H.... R.{i....U...c.._.V.9f..1.N.m2h...s.v.7a..s.7.a.....47.=?.....c|...8..`.q.H<...|......f....[..a..-...>p|.1..[>..'l.5<?.Kc.j.)..b..R2...$&0....{3..D.'ng2hw.|Rx*..F.I....->q.G.D&....^~+'l....".H....a..Q...>i..A...I$aIc.......4.8z~....m/..BC....g..7j7..E._>5\.ig..5...bds.hjes.c<.....#n?N......7j.3L.cof...=..L.\1..ML....~m%}.B...Hd.8X....<f..k....nL.|....M....,.:..'..=....^..2m:N.=..A\.+........f.Id.XX......!..ukz..k...L.....5..L.S...$.......G.X..x~.m.....6d...K.1D.b2.5..c!.3|.;..J..[.^..d.n.....7.D#.c..Y...2l..........'....w..X.).D.F.c!..!6.Tj...2.@..T.lw....AX:.z.-xm:...iu....t5..t2h'f/.c&K.w.!l........^.*.n.\..P8..\...k..........g.....2.........F..!.1...K\8.[.1.C....&....W..Uq...G..^GE....."..........-E)0....\...E.Pd*?;.......,...<.(....G..>-d.T.[A|. .....4].,.E......^._9
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                            Category:dropped
                                            Size (bytes):17174
                                            Entropy (8bit):2.9129715116732746
                                            Encrypted:false
                                            SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                            MD5:12E3DAC858061D088023B2BD48E2FA96
                                            SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                            SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                            SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                            Malicious:false
                                            Reputation:low
                                            Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152
                                            Category:downloaded
                                            Size (bytes):61052
                                            Entropy (8bit):7.996159932827634
                                            Encrypted:true
                                            SSDEEP:1536:HQaq1Q7XOos5ZBIp+1Zr52IGmCJijm1qAxTe9wzf:fq1HoUBIpU5TG7JSmwuTe+b
                                            MD5:C1E82BF71ADD622AD0F3BF8572F634FC
                                            SHA1:6CA863D4CAB96669202548D301693B3F5F80B0D5
                                            SHA-256:BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
                                            SHA-512:820A7F8A0C8EA33A8FE1E90CDC35F45DC1E143E836B0D8EA047E1E312F8CAEC72CDEE4E7DB54760A4D749CD0ACFE103A27E39A9A56EB2D704E448A67B0D0C079
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
                                            Preview:...........iw.F.0.....'W...4)/qH#..D.L.EK...................().}.{..@.z........Qz.,..Ox.....i4..S.&.p......9..W....);a.].a....Y......Y<,.n..."`Is....5....P..|.-..x1.F...@...yRlG.O..5.Q.|.gy.c.^....r.EC.....xd.oL..$./..|3.......r^.j.}...M... )x.D.....%.....B..t....vZ....2L......px.G.1.*.lZYh...$.....,.../.a..;Q...._..#.....e.T.:trA_.0.:.f...........(I.x?.S...<7...o..0.`r.x.+.2..o+...4/..vzY7.C'.....!.r..4n....]P.+a..........._.8,..G>...{.4B....o.9.....r......X3..U.....'.0.@...lrX....r.W\e...].}....(.l......=........3....S..........^=D..[.zw6..e...<WQ.w.(.X..S....>.^.....^B..O-.(..U.R;h..v.......4.Dc .?..z....r.._.Y......M.a.?,...?..U.....OF.w\h$.Q..5....Q.Oj ....5U..8..Y......gYZM....y..OrY.z]B..y..;o.....oT.r...H..{K...Y&Q.......*..W....N4.......].0m..m........E.bc..~..e.. .nzS.i3^......).,Y}.=1H...... V...g.)....X..G...C....@o,.i.~...as...ehEH....u9l.2...y\J.?.(.I.q%..F#..D../>pr$...,...m.6..:,<s..~S.fl;k.'<..}z.Y.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):2889
                                            Entropy (8bit):7.904874943552236
                                            Encrypted:false
                                            SSDEEP:48:fpnlGwJJN9lgXhFZC0eenZSLiQtfg3+b075d3Yyq+zxLlcg1SMY8svVE1J:fNl3JN96XngenZSLJkW0N9nJqg0n8sti
                                            MD5:423B37101C70C1863F8D997D646CC5EF
                                            SHA1:C6F3235346DB0F75EA08EB413BA26755B3A6FB93
                                            SHA-256:490105CDBED41DD1BC413FE802DB8E2018C3AAA1C39208F34ABC4AF37F4C2226
                                            SHA-512:7AFF47E0A89844675523EA55288FBE01AE268109D83E11BD32C7DC42CA0165787FE146D5938C2599B10E04435B8C3E53F1E1683E2B603B1E2A9E52D7CE4588F6
                                            Malicious:false
                                            Reputation:low
                                            Preview:.PNG........IHDR.......<............pHYs...........~.....IDATx..=oc.........(.F..X....mHW)R,...L5B..~A.?.B\.i..I..T.!.....$..+6D...T.q.DD....b0.w.#.........../.....s.)-..F.....hT..H.... R.{i....U...c.._.V.9f..1.N.m2h...s.v.7a..s.7.a.....47.=?.....c|...8..`.q.H<...|......f....[..a..-...>p|.1..[>..'l.5<?.Kc.j.)..b..R2...$&0....{3..D.'ng2hw.|Rx*..F.I....->q.G.D&....^~+'l....".H....a..Q...>i..A...I$aIc.......4.8z~....m/..BC....g..7j7..E._>5\.ig..5...bds.hjes.c<.....#n?N......7j.3L.cof...=..L.\1..ML....~m%}.B...Hd.8X....<f..k....nL.|....M....,.:..'..=....^..2m:N.=..A\.+........f.Id.XX......!..ukz..k...L.....5..L.S...$.......G.X..x~.m.....6d...K.1D.b2.5..c!.3|.;..J..[.^..d.n.....7.D#.c..Y...2l..........'....w..X.).D.F.c!..!6.Tj...2.@..T.lw....AX:.z.-xm:...iu....t5..t2h'f/.c&K.w.!l........^.*.n.\..P8..\...k..........g.....2.........F..!.1...K\8.[.1.C....&....W..Uq...G..^GE....."..........-E)0....\...E.Pd*?;.......,...<.(....G..>-d.T.[A|. .....4].,.E......^._9
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 455667
                                            Category:downloaded
                                            Size (bytes):122924
                                            Entropy (8bit):7.9974224995855785
                                            Encrypted:true
                                            SSDEEP:3072:mXUfU9c2uY2CMsZUpk4VD4yAVOunkOrKXfAE2ss:mkoG7ep8+7kGKXIb
                                            MD5:33E13AB2DB6540C3B64C119CE450CFA8
                                            SHA1:2608E73884B3F039987C3BB31C4ACB31BD48A5F4
                                            SHA-256:06BBD11635362530528A350A84DEA1F961D261BE142B79C56478C703F02334C2
                                            SHA-512:8A3607B7FB58A2510ADDB86FC6C4353CF2D41371DF35A3C42A49BA38FAD9A9B4BA6E74B38180FCA09FE406BD60AF43ACE06457D27C94DE670C0A60B41227BB5A
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js
                                            Preview:...........{w.8.8.....fn..(..o+....*.I.....Merd.v.%.$.1.......([NU....s.Q.H... .....w.......Oit....OJ.O..J..............F....^\.x>+...3....0*y..F.0....f.o..~i...R..J.(..9I\.8.Bc..2T...K;J^K...*..6o..P.....!).a.9.d.....G..."pYTz~...Da.N.R...=A#....M.%;b..%.I.%......!E.15.[...:..P.........8_...L...U..ie..|.JIXz.....x.`Z...bj......I..a.,z...~)..D...%.2....-M#;@...`..i......cTt.Z.fs...L/.8..s...R..^...J.?.0.W..K.z.h..Z.5....d...>L..a1.:.......C.G.....G..?c^....,]....Q8..@.u.b.4..K..!`_.....q|q.?]..<>.L....+..R........d..uO...v.G...c..;...A.KX.Y0M....g...>....'a.:g..;.>...9.b.:0.e[.*....w...T......JE..V..;....wU...TYf....?.....ua8...i....$)W.....\..7... EC.h.&e.6..D,YDA..W.Na!..T..$k..;..2..ju .1,D}LdY=..a.>|k....ND/.A...}{+'V?..W%#..o)a.S....c!P8..UI.".n.{.]C.q...-u..a.....$z%...[*.CX......l.}.U.Q.......\.nT..........Z...LK.~.|."...D;U{>._....T$.C..^|)..'e..!.k2=...)Y! )..+.Y.#%........C..>0.r_oo..%.>....=..g..!.V....<%J.D......
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):72
                                            Entropy (8bit):4.241202481433726
                                            Encrypted:false
                                            SSDEEP:3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
                                            MD5:9E576E34B18E986347909C29AE6A82C6
                                            SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                            SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                            SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                            Malicious:false
                                            Reputation:low
                                            Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755
                                            Category:downloaded
                                            Size (bytes):5529
                                            Entropy (8bit):7.963357626093036
                                            Encrypted:false
                                            SSDEEP:96:FC4lWyY3aCfrPHSuZ6WTgaPZT1rfaaCEIqgpxXpYUFUUjadVPht:c4lWyK/rvn3TgKdfaaCbqgmUfjIVPht
                                            MD5:2897F2B9FBDFCA48FD9E7C3EBACD4825
                                            SHA1:1AC29A73147FAB24EECEDE0BBF4ABAC2B09B4FDA
                                            SHA-256:34AC02CED788528E58CD6EBB75EDF624F4061D4839369AF860A36AC0BFC3C830
                                            SHA-512:508CE7E7E1D3AE2101737E8D26A1257D516F8644ADC3AB5BE2A6B86C0B21CCFC32C1030B2014BE1280B9AF29AEB78A005D2242A2D12C68D2C3733941BCF64A42
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js
                                            Preview:...........[}w.......q.Q.f......q....c..&9:H.$b..E.UK......$!..ss.`vgggg.}...j_i.....G...{.e[..\7.+....].:.......7.6....9p...(.D..a..Q.\hS...n...h.....I...S...H.h...^3...+7I.Z......?.C..F..?OR-.R..57.$../...,.x..O..D...I$.Q.%|..;l"f._.in.5.Sm.%.D.ai]......QHp...{@8....8........5Q....+dD.:.Z.i.h.Q_......6.r../..o6L..c.....A.E.O4.,A.k.!.....8qCby.....'.Oy.20.....Oc."O.4..(.y@w+....[..h.g.._[..f|}t......cSMM.4.....O'..5...^4......[..;..{...P....l.j6..Z3..~..uU.~g..W9./.....tC.G.]......._..~.A... v....C.S1.X|.dZ.LL........_}..=..C:..Y..x...a|m...c.%x.....[...j6t...p......c.fNd.6...&.*....%.. tS..<...A...c.3j=@3.5.. eS.u!>..j........B.kpE_.81.x./Z..&K.nI.L.n.vn.Q..&....Y:.... a8..f...)...."...;z..d(...{\.B.."R..n.g#.@.G<......S.qPt......r..H.V...s......w..['..$../..=.n.&sv...z.Q8...A.H...?..<..Y./....m.Y.........C*.F`M..I..p.?.n2........D.......,.%....GE....|..{....)....u......<!.>..~~.v...|.Cj....V.^s..M.9.i7....8I..8}8%...'.I#...Y..i.........
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 26668
                                            Category:downloaded
                                            Size (bytes):7397
                                            Entropy (8bit):7.97524113662337
                                            Encrypted:false
                                            SSDEEP:192:vv11ns4EL0OgtJ0c6aEWgRM28JPmDLFAFy:vjnsbLAJ0c6nWSMtPkRt
                                            MD5:F1FAE06223E03425D351882922E10846
                                            SHA1:1C1A8E229B1FF88E487174338E27CB6FC69352D0
                                            SHA-256:1371CEF302CFD811D98458BEF647F3E997931A8C4160E87E9B0C1CB471369C7B
                                            SHA-512:ABF856038A4D3DD9F2686564BC0FE3BBD789AA84F622C821448734EC64361052250E5669861043A0D855B0D83000D5D0D010FA8A3A7A30549677499ABFA52801
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_9508950c2b89b79b3f88.js
                                            Preview:...........]{w.6...?....[....7.......Ck).I..EB.c.`I.j....o....{{..%..`0...f.2....7......?..h.'..{u.......r.=<^..v....~....j.=r..i,.X.........6......8f3.O....3uy..~...l..@.........&.@..!.vY...S...............C...b.S..wc..1.b.R..:I.P^.hNL..rm.b>.|.Z.k.T...1.......c1P........a.....,1..C~.<h.iK6O./.....6KD?X^........0... .A.1..kBX.....*$.R..N."...s&1.3.r....h......##.M8."......?.f....9a...s../.w....nk{....G.........t.....I.u....=...y..9....,.7......9~...+K.[.~/..%H?......q|q.G........z.M.:....g.Pd+...?|2.h.L...^|...}...5....K.$$..q@.6._.$..m...c....5.._?l.].~.4.._....w..c...P..........G.w..A.W.Y.........1|..[.. S,.. Cd.[c.Y..##.g.y..K.vl...].>..d.Eg...GI...c..w.,#J...8..q....l.<.ADc...u..+..../d...I...Qh.F.......Qe.....~..}...O. .j.J..(....'Q.,/.....!WP6..+.....OX.6...[..$...-...S...9.[....(.8..g..A1..].KQx.....{3K.wN0....5.!......=..J..{B.....?...p..P0.G6`.4$o%..?).C*S..2.BF..&.y.7...p.\......u..sI..'.O.....[NNq....$.y.....G.V....6...B
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 456372
                                            Category:downloaded
                                            Size (bytes):123091
                                            Entropy (8bit):7.997639102191349
                                            Encrypted:true
                                            SSDEEP:3072:mw3Q07yglw5eqV7zN5cBSdG4yYpfXMBf6ZFR+:mwjy6cV3YSdGCMRiE
                                            MD5:1A3ECEC4A1A7BB8A5530250EA22982EB
                                            SHA1:2F70E47B971D30BD2F66910A128A0B3D55569B6E
                                            SHA-256:B12231A2BC2D718AE9F25E84DB0A7D29F4C8F3B6323609FEC071D1943629B1DD
                                            SHA-512:744ACE968B77A7627DDAC1F681F10F473EA3994B454EF584658C89E9507E637F170770C34648DD0740789AA97201A9C4ACB8B055DDD04822C935DB488A4546E0
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_XZWzmNsf-98_A243D7S65Q2.js
                                            Preview:...........{w.8.8.....fn..(..o+....*.I.....Merd.v.%.$.1.......([NU....s.Q.H... .....w.......Oit....OJ.O..J..............F....^\.x>+...3....0*y..F.0....f.o..~i...R..J.(..9I\.8.Bc..2T...K;J^K...*..6o..P.....!).a.9.d.....G..."pYTz~...Da.N.R...=A#....M.%;b..%.I.%......!E.15.[...:..P.........8_...L...U..ie..|.JIXz.....x.`Z...bj......I..a.,z...~)..D...%.2....-M#;@...`..i......cTt.Z.fs...L/.8..s...R..^...J.?.0.W..K.z.h..Z.5....d...>L..a1.:.......C.G.....G..?c^....,]....Q8..@.u.b.4..K..!`_.....q|q.?]..<>.L....+..R........d..uO...v.G...c..;...A.KX.Y0M....g...>....'a.:g..;.>...9.b.:0.e[.*....w...T......JE..V..;....wU...TYf....?.....ua8...i....$)W.....\..7... EC.h.&e.6..D,YDA..W.Na!..T..$k..;..2..ju .1,D}LdY=..a.>|k....ND/.A...}{+'V?..W%#..o)a.S....c!P8..UI.".n.{.]C.q...-u..a.....$z%...[*.CX......l.}.U.Q.......\.nT..........Z...LK.~.|."...D;U{>._....T$.C..^|)..'e..!.k2=...)Y! )..+.Y.#%........C..>0.r_oo..%.>....=..g..!.V....<%J.D......
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JPEG image data, baseline, precision 8, 1921x1080, components 3
                                            Category:downloaded
                                            Size (bytes):236176
                                            Entropy (8bit):7.976676300039493
                                            Encrypted:false
                                            SSDEEP:6144:FXVezE1Z6TEQbV0Dwa2v1GYmLKm68qmhhhK2WX4:FXVdUtbV08pvsYmWEqmhfK2+4
                                            MD5:1A8F3006501735AB31D72D2F8248572A
                                            SHA1:F030C3C9062E15F84D094021CCFDA0A0618768AE
                                            SHA-256:4398401858653F7533C75872F440C7D574062ACB315718C781D21F717E4F6DC4
                                            SHA-512:2227AE96D9766538DBBC8B1DD55062408303A28A9F5A9C010075C9CD280CE90B825560AF0EA9CBA7AE09E4CF43514557D14048EE3F8477758F91A65624F8F385
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638
                                            Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
                                            Category:downloaded
                                            Size (bytes):116362
                                            Entropy (8bit):7.997473195483862
                                            Encrypted:true
                                            SSDEEP:3072:b4AjEJ6y6ebFHqvxmN75LyWZh7nUOJc4TG91lJa5l+2EqFonU:0AgsnM79PZh7nuN1naTdFoU
                                            MD5:81C7B985343C317ADEEA2C28F5C6FF4D
                                            SHA1:7A04D6215D0B79EEDE6823C4B3621795AD552534
                                            SHA-256:6BDBA6F0D2271DD20E6E6AEA2B459A1A23050EDE1B3BBADE4C913A1716F6E491
                                            SHA-512:DDF40137ED7F870C5E7475685BA9006F9C99C7C0632A9E7738DCF9BD081C105ABA5B94B3302BBD26DFF413DC065FC442D3CDDA33684709D6185B409F08158085
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js
                                            Preview:...........k{.H.(.}.......c....8=.Ib......#Ca.....K..o..ZU%...q..9...ct).....S..*?U.6..rqyt~Y9}W..........Z.xzy..x.z.Q.w9......^...U.........<..G....=wZ.....Oxe.._.0.*S/..k>..*&T..*gn.?TN....6.....a0...I\......)....$......7.T>x.0..q\...{..H...|.....2..x"..\`IYkD..#*....FP....a.^.].'0h.&.....ie..|.*qPy....l<..S.y.E..>.....a...3..-vq:..P<..dE.....C.h.P..]..\5.......3.<N.^?T...:B#c....|...T.........(...Q.l7[...V.e.W.8.G.....O...0.m...f.F...7..h.......F..b...Yr.=...f.....?......S.}U..g.......t..../...G.......~.+...)y.X\...<.&.........`.v.....`^....c4c.Yh=.a.wB.m.......i..~v-..O..nY....A....5...v...t..FSw...Q/n...c.9Y{.-..>a..7h..o..ec...O...)~..8...j-M..nD....9......f5..'Q#...L.'......fZW."Q[.<.nx..O...LU.;..a.m..&.k.$...;.=L...yv....,.f<Hb{.w.@.8...8F.D.>.04.[K6v.i..2.#?..&.;-.].....1.X0w.H6mZ..A...t..e-.\...MC6.xt`..cu...@_...v....;z'.mV.T/o.i....-...K......\..Sn>B......%x..%......W.|......~.6.%...+.:..x5..s5P.-..!.G...ZT.i...;.&
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142588
                                            Category:downloaded
                                            Size (bytes):49982
                                            Entropy (8bit):7.995657643114965
                                            Encrypted:true
                                            SSDEEP:1536:Jxgptniucdklf46I3reB9kaGX2VDj/vlzQ4Orr:JehcdSPIbK9ggnnlzor
                                            MD5:47B6359A09BBEE6AA41B82E06C5A6105
                                            SHA1:7049BB7A20217A9153F9AED16A0A6B6DF27B1038
                                            SHA-256:EACBD5A1C958B4A2859D1D59FCDF028EDB6DD7567109218A83AA4E263A253A35
                                            SHA-512:16CAC5CD306721D5A117CA06CC42BBB38680697E811479F51C315A3967F5716ED9AC2A01A049BDBA027984312F268E2711E359936ED748394100A11953B231FC
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js
                                            Preview:...........m[.8.0........OL....;w.....6.ff.X.'V......4.r~........=........,..JU.......T~.l..?..E...r..r.....r.o....^.......(..q...?.......*aP......h.Fn".....|wR.G.C%...i.~..$.L.8.BC1..*U...*gn.<W...:./.6.....(.>..}R.......xT..^.XTf.'...?.....(..qR..H...x...OX.7..X$.q.%..ze....>._......{P.:....~.M...X&.&.u..ie..|.*IXy.g..Y....x{..;..U.M.f....f,.Gl.dR..<...bl{E|..@<y..En.(W...s."!.D.X.<AE....a....Y..'.t*&8.T.....".J.K......Rm5.;...F...$........Q......C.G_.s...../1.8b\....ZP9..\?P.:........)`_.... .......6..#lXU.s.\I....Q..*..Y..\5n,.~.7V.4..su........N\...._.7...........T.....)..L..S}.c_...\_......Y}:...._1-|p..l@..[q.......*....?&.0Z_.Aw:3.RsV...qR5..Bv./..7...b.G,..jt...HfQP..:.).a...&9s.N....d.=_,:...B..@...+{.Mx.8k.,m.Q.B.......j....}.2bdEkE.G.a..5...1....G ...T...~....uV6.....i.=...A*U.!.+."3c...D.&!*q.9L....8..&`>.....v....6aT\.U.S.q"+!.....Xi.@D2.....g..t\.nw.-..L..S.B@QZ.N>.\-...[...pD....sro//..H...i......}.U.....M.yJ........./.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 281 x 60, 8-bit/color RGBA, non-interlaced
                                            Category:downloaded
                                            Size (bytes):2720
                                            Entropy (8bit):7.843230930170466
                                            Encrypted:false
                                            SSDEEP:48:198IUOPKKmFUdQzjZWjP/OkrwbCBW4HCSJUs2Ko5/MgoRQHtba49hv8Ka:198IUOBafwjOk8eBW4HCS2sTUMjQHd94
                                            MD5:B810A28B29F68A0CA077D31D0812B76D
                                            SHA1:7A95CC4A1E82A43AFC2109B46995C007261D1FEC
                                            SHA-256:7EE5EEEC7C7D52E159AE852844846F306D8D5E0252F56F4B48735F868ED9E564
                                            SHA-512:441E1A56668E0E9D06DE59DAFE408189783B5186AA7F59CAE016D5DBEE0E5A92CBEA60E34737CC5D6CDAAA8CC897691A84E915002120ABCBBA068D2A71E45FF5
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauthimages.net/c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274
                                            Preview:.PNG........IHDR.......<.....R..&....pHYs...........~....RIDATx..]A..Y.=W...~..B7.Fd....B._..P.t...)W&.g%"...+a...W...B0...&...E..JD...q!8.....>/s.......D....{....;.s+.B...A...&... ...A$#.. ...A$#..HF..A$#..HF.... ..HF.... .".A.... .".A.... .".A.D2. .".A..l...W..~e$W......].. ..e.......D`.... .<..[f...}%-3......7Y7b.`*.........!.G.>afc..7..Y...O..K..BX......p..H.......|..N..............w.j....lfs3.5l.....9='..A.......T.........^..a......H.._......v2.QS9p.......$......MWo..^BXkaf..5..j..zjf..p...fV..:...@..!...<....J.6.nw.c.w..l..LD2.qh....a.#..\...>.~.A_`.......wNG.."...0t..A.lGh.\..W.?.X.8.zV..mn7..Y.=.6!......].<l.......f.S.......Fry7...x..?.P...........l.q....~r...m...........!d$.kn..{.A........B.B.G..!..!T..6p.8.p..a..H.t.,.:..HI....\....?..g....q.v@.......C.sN.C..S.......f......S...<<..6.,.:li.Q...E..:..$.k3..X.mj...e..2.G_.z..c[u.......Uhg...]..b..Q%.L...I.Zw..j.....=....m......t.H.l./..C....Iy.....v?........{...]..v....WZJ.I.q.....~.Uv.U
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JPEG image data, baseline, precision 8, 1921x1080, components 3
                                            Category:dropped
                                            Size (bytes):236176
                                            Entropy (8bit):7.976676300039493
                                            Encrypted:false
                                            SSDEEP:6144:FXVezE1Z6TEQbV0Dwa2v1GYmLKm68qmhhhK2WX4:FXVdUtbV08pvsYmWEqmhfK2+4
                                            MD5:1A8F3006501735AB31D72D2F8248572A
                                            SHA1:F030C3C9062E15F84D094021CCFDA0A0618768AE
                                            SHA-256:4398401858653F7533C75872F440C7D574062ACB315718C781D21F717E4F6DC4
                                            SHA-512:2227AE96D9766538DBBC8B1DD55062408303A28A9F5A9C010075C9CD280CE90B825560AF0EA9CBA7AE09E4CF43514557D14048EE3F8477758F91A65624F8F385
                                            Malicious:false
                                            Reputation:low
                                            Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:downloaded
                                            Size (bytes):100
                                            Entropy (8bit):5.32621000584615
                                            Encrypted:false
                                            SSDEEP:3:JrsczNDrhkI2yLrm0do+qBVcdtwyRKR:BVBeITm02+q6+
                                            MD5:9FBF053785C2798F4358FDE7854BA873
                                            SHA1:0ACEAB2137B525FD7AE3E26F8E0667C97FF10B54
                                            SHA-256:EEBD062BBFC45E917D0ADFCC7BC5E6404DF123B54BD2AAA066EABDA343B332C6
                                            SHA-512:9C49DEACB0E2B69FFC7FA2AE353AB7360356EAFA5CAA3C331E224DCB9B6D8ACF8BCC47CEF73759FDA8AEC8D6DF31EAE1D46D75FCECBEC294592ECE21F9F51FBE
                                            Malicious:false
                                            Reputation:low
                                            URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCYICaXLWAdtdEgUNT367vRIFDVd69_0hEtaOfRvJJkU=?alt=proto
                                            Preview:CkgKDQ1Pfru9GgQIVhgCIAEKNw1Xevf9GgQISxgCKioIClImChxAISMuKiQtXyslJj8vXj0pKCw6O348IidcXT5bEAEY/////w8=
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:dropped
                                            Size (bytes):3620
                                            Entropy (8bit):6.867828878374734
                                            Encrypted:false
                                            SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                            MD5:B540A8E518037192E32C4FE58BF2DBAB
                                            SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                            SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                            SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                            Malicious:false
                                            Reputation:low
                                            Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 58644
                                            Category:downloaded
                                            Size (bytes):16624
                                            Entropy (8bit):7.988053289965094
                                            Encrypted:false
                                            SSDEEP:384:gWZV40GhomYB18u1JiDbaRVsa5j8Am0WZlQdLKYt1:gcK0gyB/8bCVJ6WvZt1
                                            MD5:FCA4A90FD7C2D439B087528EEE0F2782
                                            SHA1:7FB04ED94A94FF03E532A52B1387DC29DDAF439E
                                            SHA-256:FB8F15112AF581621E2B19B638B43B655703939AA86392F68F7540D38E2A060D
                                            SHA-512:6348C5A7D8238C6612732C9C2D5592D95E07E51CC4994AA36825B7E195F67ED993ABE92A99B105B63BE5FA6482F29244690D7B4B87BDAA18C173AC67AD8A2D24
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1d0daql8my9m71a_2aaxzg2.js
                                            Preview:...........}Ms#.......f....O..1..3.!....RH2....~......Q.x7...}..'.}..?e#...QU]....Vo.....].U............^..{..w!x..=z....{..._..%.i..q........j<.w...7..."pgbV.C..kYU`..X....'t....<p........x...!..4mx..Q,:.....?&.p.....Q/.............=.m.Q.z.M...=..3'...."....L...{".?..k..../.E8...T.,FqXt.6.].tu6.....w.W..7i..s.Z,&c.)n.[.pcQp...4..`....4X.q..^...E.M.p|qoBh..B+..<q..Pgb.j....\.!...q..Q.k....>.}z'`~....E<.{.B4..w..x~...F.-.........>T..b.,...S.O.z...<.......=.N..S.GB.......m......J.\9........W.2.A)h.V..:t..t.O.J.).CO......K.w&..4?.d..r..4.7.8(L. ..-......:.J.y....%n..<..n....-....Oo_>a....-.i.............{O...1.M....V>..=N..(.4.K.t../.1....\F..`._Bz......u..[,...].3.0.3.....L|..*.a!.!.t.....[x..Xv:.QTp....ZE.u.`...s..o\.....)..a0..5....oN..{h..l)..QL.d.X.E.]...%$.H.|...wWo..........BwPpg...W/|..\X..F.[5.e.[ .o........S.3/..3@n.......=P A.B6...{{.g.=...L...tl.rJ..X.J,...;.}7..O/......Z........)...,`l...7 ...C....QQ.3(..{...Z2...qs....x.....
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                            Category:downloaded
                                            Size (bytes):17174
                                            Entropy (8bit):2.9129715116732746
                                            Encrypted:false
                                            SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                            MD5:12E3DAC858061D088023B2BD48E2FA96
                                            SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                            SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                            SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                            Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:dropped
                                            Size (bytes):2672
                                            Entropy (8bit):6.640973516071413
                                            Encrypted:false
                                            SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                            MD5:166DE53471265253AB3A456DEFE6DA23
                                            SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                            SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                            SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                            Malicious:false
                                            Reputation:low
                                            Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 281 x 60, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):2720
                                            Entropy (8bit):7.843230930170466
                                            Encrypted:false
                                            SSDEEP:48:198IUOPKKmFUdQzjZWjP/OkrwbCBW4HCSJUs2Ko5/MgoRQHtba49hv8Ka:198IUOBafwjOk8eBW4HCS2sTUMjQHd94
                                            MD5:B810A28B29F68A0CA077D31D0812B76D
                                            SHA1:7A95CC4A1E82A43AFC2109B46995C007261D1FEC
                                            SHA-256:7EE5EEEC7C7D52E159AE852844846F306D8D5E0252F56F4B48735F868ED9E564
                                            SHA-512:441E1A56668E0E9D06DE59DAFE408189783B5186AA7F59CAE016D5DBEE0E5A92CBEA60E34737CC5D6CDAAA8CC897691A84E915002120ABCBBA068D2A71E45FF5
                                            Malicious:false
                                            Reputation:low
                                            Preview:.PNG........IHDR.......<.....R..&....pHYs...........~....RIDATx..]A..Y.=W...~..B7.Fd....B._..P.t...)W&.g%"...+a...W...B0...&...E..JD...q!8.....>/s.......D....{....;.s+.B...A...&... ...A$#.. ...A$#..HF..A$#..HF.... ..HF.... .".A.... .".A.... .".A.D2. .".A..l...W..~e$W......].. ..e.......D`.... .<..[f...}%-3......7Y7b.`*.........!.G.>afc..7..Y...O..K..BX......p..H.......|..N..............w.j....lfs3.5l.....9='..A.......T.........^..a......H.._......v2.QS9p.......$......MWo..^BXkaf..5..j..zjf..p...fV..:...@..!...<....J.6.nw.c.w..l..LD2.qh....a.#..\...>.~.A_`.......wNG.."...0t..A.lGh.\..W.?.X.8.zV..mn7..Y.=.6!......].<l.......f.S.......Fry7...x..?.P...........l.q....~r...m...........!d$.kn..{.A........B.B.G..!..!T..6p.8.p..a..H.t.,.:..HI....\....?..g....q.v@.......C.sN.C..S.......f......S...<<..6.,.:li.Q...E..:..$.k3..X.mj...e..2.G_.z..c[u.......Uhg...]..b..Q%.L...I.Zw..j.....=....m......t.H.l./..C....Iy.....v?........{...]..v....WZJ.I.q.....~.Uv.U
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424
                                            Category:downloaded
                                            Size (bytes):20410
                                            Entropy (8bit):7.980582012022051
                                            Encrypted:false
                                            SSDEEP:384:8RvmaMFysnOXZ2m9zM+udO6GGUpeAU02oDGnN5EsQwWUQGTS8r2k:8pmm7ZFM+ObGGUIjN5PJV3Tp
                                            MD5:3BA4D76A17ADD0A6C34EE696F28C8541
                                            SHA1:5E8A4B8334539A7EAB798A7799F6E232016CB263
                                            SHA-256:17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
                                            SHA-512:8DA16A9759BB68A6B408F9F274B882ABB3EE7BA19F888448E495B721094BDB2CE5664E9A26BAE306A00491235EB94C143E53F618CCD6D50307C3C7F2EF1B4455
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                                            Preview:...........}k..6..w...R..J.H=GSI..x.9...}T*.....)Q..f<...~.F.h..x..{+.-.....h..n....</v.ev......W.,.bU..rW.I...0x...C..2...6]..W_......../x.........~.z.}.|.#x......Ag*O.|XgU...4 .^'U...mP.A.].Z.U.!..Y.......:.ve.?.!..d.N...xJ...mR......0.@p...lKr/...E.-. .....|l.4.o.i.......L.iF..T{.n....2....VEY.y=..=..T+V./.b....\....7.sH.w{.h.....!.."F.k.!.......d...mS.rh.&G.../..h&..RE"!.A/.......A....L...8.q.M...t[...R...>.6;R..^.Vu..9.[F........>A.:HT}w]......2........p......'T.^]}.^..yJ>.<..pq..h.|..j....j.x..-...c...f...=".)..U.X'.M..l.]ZVtl\.I..}.0.~B0Y'.N...E.4.Xd..e...a.........."..9+d.&..l.$E..R.u.g.Q..w&...~I. .y..D.4;..'.."-.....b...)k.n.M...,3J.z_..&2f.h;.&.R.y..P..X.....\P....*.r...B.$........<....H5.M.."'#.6mQl..mQ5.=.\...O.....^..jM..u*.F..Oh.lNI..j..T..u...I..._........{.\...{..._|..={O..z..>......x..5Q.D7?{...^...^.......o.=.z......v......z.C...Gtw...0!..M@....^...^.x..G....W...{...)..y.<c3...^>{......7._..'d__...;R.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:downloaded
                                            Size (bytes):2672
                                            Entropy (8bit):6.640973516071413
                                            Encrypted:false
                                            SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                            MD5:166DE53471265253AB3A456DEFE6DA23
                                            SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                            SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                            SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                            Malicious:false
                                            Reputation:low
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                                            Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..
                                            No static file info

                                            Download Network PCAP: filteredfull

                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                            2025-04-02T13:36:05.248482+02002832046ETPRO PHISHING Successful Office 365 Phish 2018-08-011192.168.2.64974340.126.29.8443TCP
                                            2025-04-02T13:36:05.248482+02002832180ETPRO PHISHING Successful Microsoft Account Phish 2018-08-151192.168.2.64974340.126.29.8443TCP
                                            2025-04-02T13:36:05.248482+02002846045ETPRO PHISHING Successful Microsoft Account Phish 2020-12-151192.168.2.64974340.126.29.8443TCP
                                            2025-04-02T13:36:32.719245+02002832046ETPRO PHISHING Successful Office 365 Phish 2018-08-011192.168.2.64974440.126.29.8443TCP
                                            2025-04-02T13:36:32.719245+02002832180ETPRO PHISHING Successful Microsoft Account Phish 2018-08-151192.168.2.64974440.126.29.8443TCP
                                            2025-04-02T13:36:32.719245+02002846045ETPRO PHISHING Successful Microsoft Account Phish 2020-12-151192.168.2.64974440.126.29.8443TCP
                                            • Total Packets: 315
                                            • 443 (HTTPS)
                                            • 53 (DNS)
                                            TimestampSource PortDest PortSource IPDest IP
                                            Apr 2, 2025 13:35:18.853167057 CEST49672443192.168.2.6204.79.197.203
                                            Apr 2, 2025 13:35:19.167754889 CEST49672443192.168.2.6204.79.197.203
                                            Apr 2, 2025 13:35:19.774642944 CEST49672443192.168.2.6204.79.197.203
                                            Apr 2, 2025 13:35:20.979660988 CEST49672443192.168.2.6204.79.197.203
                                            Apr 2, 2025 13:35:23.383915901 CEST49672443192.168.2.6204.79.197.203
                                            Apr 2, 2025 13:35:28.289014101 CEST49672443192.168.2.6204.79.197.203
                                            Apr 2, 2025 13:35:28.419956923 CEST49678443192.168.2.620.42.65.91
                                            Apr 2, 2025 13:35:28.768450022 CEST49678443192.168.2.620.42.65.91
                                            Apr 2, 2025 13:35:29.401890039 CEST49678443192.168.2.620.42.65.91
                                            Apr 2, 2025 13:35:30.602765083 CEST49678443192.168.2.620.42.65.91
                                            Apr 2, 2025 13:35:33.010273933 CEST49678443192.168.2.620.42.65.91
                                            Apr 2, 2025 13:35:33.827991962 CEST49696443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:35:33.828018904 CEST44349696142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:35:33.828114986 CEST49696443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:35:33.828381062 CEST49696443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:35:33.828396082 CEST44349696142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:35:34.034693003 CEST44349696142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:35:34.034900904 CEST49696443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:35:34.036412954 CEST49696443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:35:34.036422968 CEST44349696142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:35:34.036814928 CEST44349696142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:35:34.087408066 CEST49696443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:35:34.528326988 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.528346062 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.529413939 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.529431105 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.529505014 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.529608011 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.529707909 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.529711962 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.529815912 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.529827118 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.935698032 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.935827971 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.936947107 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.936954021 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.937335014 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.937728882 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.944300890 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.944406033 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.945184946 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:34.945194960 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.945676088 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.980295897 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:34.997278929 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:35.227531910 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:35.227750063 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:35.227755070 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:35.227896929 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:35.233129978 CEST49698443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:35.233143091 CEST4434969840.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:37.822750092 CEST49678443192.168.2.620.42.65.91
                                            Apr 2, 2025 13:35:37.886713982 CEST49672443192.168.2.6204.79.197.203
                                            Apr 2, 2025 13:35:43.146198988 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.146375895 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660605907 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660638094 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660653114 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660674095 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.660679102 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660692930 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660717010 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.660732031 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660770893 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.660783052 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.660785913 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660804033 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660876989 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.660876989 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.660895109 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660914898 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:43.660958052 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.661958933 CEST49697443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:43.661977053 CEST4434969740.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.040795088 CEST44349696142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:35:44.040920019 CEST44349696142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:35:44.041145086 CEST49696443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:35:44.531192064 CEST49696443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:35:44.531224966 CEST44349696142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:35:44.576844931 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.576879978 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.576937914 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.577176094 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.577192068 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.577941895 CEST49711443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.577991009 CEST4434971140.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.578141928 CEST49711443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.578224897 CEST49711443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.578231096 CEST4434971140.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.967259884 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.967616081 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.967653990 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.967901945 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.967917919 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.972104073 CEST4434971140.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.972357988 CEST49711443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.972381115 CEST4434971140.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:44.972590923 CEST49711443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:44.972600937 CEST4434971140.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.234112978 CEST4434971140.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.234211922 CEST4434971140.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.234338045 CEST49711443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.236228943 CEST49711443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.236260891 CEST4434971140.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.342824936 CEST49714443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.342884064 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.343137026 CEST49714443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.343137026 CEST49714443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.343178988 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.587814093 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.588278055 CEST49714443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.589735031 CEST49714443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.589749098 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.590081930 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.590802908 CEST49714443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.632275105 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.640563011 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.640619993 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.640650034 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.640660048 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.640698910 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.640700102 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.640717983 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.640762091 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.640928984 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.640969992 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.640990019 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.641005039 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.641030073 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.641043901 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.767611027 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.767683029 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.767699957 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.767735004 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.767740965 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.767785072 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.767992973 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.768047094 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.768053055 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.768064976 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.768085957 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.768167973 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.768234968 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.768326998 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.768346071 CEST4434971040.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:45.768353939 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.768573046 CEST49710443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:45.797533989 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.797756910 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.797836065 CEST49714443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.797988892 CEST49714443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.798027039 CEST4434971423.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.798572063 CEST49718443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.798599005 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:45.798835993 CEST49718443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.798968077 CEST49718443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:45.798979044 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:46.050717115 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:46.051227093 CEST49718443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:46.051227093 CEST49718443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:46.051264048 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:46.051280975 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:46.051295042 CEST49718443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:46.051304102 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:46.641207933 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:46.641382933 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:46.641596079 CEST49718443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:46.641882896 CEST49718443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:35:46.641897917 CEST4434971823.55.235.240192.168.2.6
                                            Apr 2, 2025 13:35:47.426016092 CEST49678443192.168.2.620.42.65.91
                                            Apr 2, 2025 13:35:48.875596046 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:48.875639915 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:48.875916004 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:48.875945091 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:48.875965118 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:48.876020908 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:48.876684904 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:48.876728058 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:48.876755953 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:48.876773119 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:48.978043079 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:48.978090048 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:48.978149891 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:48.979434013 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:48.979451895 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.069766045 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.069869041 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.073349953 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.073421955 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.079772949 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.079806089 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.080168962 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.080823898 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.080832005 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.081084013 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.081233978 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.081490040 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.128267050 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.128283024 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.256517887 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.256572962 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.256670952 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.256701946 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.256724119 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.262092113 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.263915062 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.263952971 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.263978004 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.264154911 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.264154911 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.264197111 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.264276981 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.312618017 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.312728882 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:49.370404959 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.370443106 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.370517969 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.370539904 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.370560884 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.370580912 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.376755953 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.376833916 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.395092010 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.395112991 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.395168066 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.395185947 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.395214081 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.395243883 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.443484068 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.443536997 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.443589926 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.443612099 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.443645954 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.452842951 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:49.452877998 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.453736067 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.454725027 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:49.460807085 CEST49728443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.460840940 CEST4434972823.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.465687990 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.465718031 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.465764046 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.465786934 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.465800047 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.489413977 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.489434004 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.489490032 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.489515066 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.489550114 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.496294975 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.502302885 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.502372026 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.502398014 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.523154020 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.523194075 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.523286104 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.523286104 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.523299932 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.531794071 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.531887054 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.531903028 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.546961069 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.546989918 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.547060013 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.547086000 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.547112942 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.559967995 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.559997082 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.560075998 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.560103893 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.560143948 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.565443993 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.565515041 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.565532923 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.577512026 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.577545881 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.577647924 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.577647924 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.577662945 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.582990885 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.583050966 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.583066940 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.595217943 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.595244884 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.595313072 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.595339060 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.595352888 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.607455969 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.607502937 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.607517958 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.607536077 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.607563972 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.612135887 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.612234116 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.612270117 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.614492893 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.614578009 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.614597082 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.614690065 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.614916086 CEST49729443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:49.614936113 CEST4434972923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:49.618463039 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.618563890 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:49.618591070 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.618638992 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.618690014 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:49.685517073 CEST49731443192.168.2.640.126.24.147
                                            Apr 2, 2025 13:35:49.685563087 CEST4434973140.126.24.147192.168.2.6
                                            Apr 2, 2025 13:35:49.695599079 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:49.695627928 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:49.695776939 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:49.697098970 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:49.697112083 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.093616009 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.093913078 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:50.093950987 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.094213963 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:50.094228983 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.094518900 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:50.094523907 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.152299881 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.152338982 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.152394056 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.152498960 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.152534008 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.152575016 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.152704000 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.152715921 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.152784109 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.152796030 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.338645935 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.338742971 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.339246988 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.339303017 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.339411020 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.339420080 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.339744091 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.339931011 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.339941025 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.340150118 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.340178013 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.340432882 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.380266905 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.384263992 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.481745958 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.481843948 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:50.481858015 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.481940031 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.481987000 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:50.482006073 CEST49736443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.482033968 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.482115030 CEST49736443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.483618975 CEST49736443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.483628035 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.483926058 CEST49732443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:35:50.483932018 CEST4434973240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:35:50.523679972 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.523705006 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.523767948 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.523782969 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.524652958 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.524723053 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.530148029 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.530157089 CEST4434973523.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.530222893 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.530241966 CEST49735443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.534137964 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.534181118 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.534195900 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.534235954 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.534250021 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.534285069 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.534383059 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.638262987 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.638288021 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.638339996 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.638355017 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.638381958 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.638397932 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.641736984 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.641792059 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.667563915 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.668240070 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.668263912 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.668318987 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.668334007 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.668361902 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.668380976 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.669759035 CEST49736443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.669778109 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.669965982 CEST49736443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.669971943 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.716295004 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.716389894 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.716415882 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.716430902 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.716443062 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.742168903 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.742187023 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.742264986 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.742288113 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.742311954 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.761508942 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.761523962 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.761568069 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.761584997 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.761600018 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.775238991 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.775428057 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.775458097 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.806291103 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.806319952 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.806371927 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.806390047 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.806410074 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.810530901 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.810583115 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.810589075 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.827646971 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.827661991 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.827717066 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.827723980 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.836443901 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.836458921 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.836515903 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.836524010 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.842133045 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.842216015 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.842222929 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.854537964 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.854557037 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.854610920 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.854618073 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.859755993 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.859812975 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.859819889 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.865988970 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.866005898 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.866060019 CEST49736443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.866090059 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.866453886 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.866497993 CEST49736443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.867727995 CEST49736443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.867742062 CEST4434973623.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.871587038 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.871634007 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.871675968 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.871686935 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.871716022 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.883291006 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.883307934 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.883353949 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.883367062 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.883394003 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.888343096 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.888426065 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.888432980 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.890810013 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.890908957 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.890922070 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.890949965 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.891350031 CEST49734443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:50.891364098 CEST4434973423.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:50.935905933 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:50.935947895 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:50.936023951 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:50.938925028 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:50.938941002 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:51.057723045 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.057763100 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.057946920 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.058096886 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.058111906 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.244410038 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.244720936 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.244750977 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.244978905 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.244985104 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.431391001 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.431406975 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.431482077 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.431497097 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.432588100 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.432640076 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.432825089 CEST4434973923.209.72.9192.168.2.6
                                            Apr 2, 2025 13:35:51.432878017 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.432890892 CEST49739443192.168.2.623.209.72.9
                                            Apr 2, 2025 13:35:51.897517920 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:51.897665977 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:51.915090084 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:51.915121078 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:51.915431976 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:51.916455984 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:51.916508913 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:52.740530014 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:52.740587950 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:52.740617037 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:52.740632057 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:35:52.740672112 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:52.741661072 CEST49738443192.168.2.620.190.144.137
                                            Apr 2, 2025 13:35:52.741677999 CEST4434973820.190.144.137192.168.2.6
                                            Apr 2, 2025 13:36:03.991377115 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:03.991436958 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:03.991529942 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:03.992245913 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:03.992271900 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:03.996334076 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:03.996357918 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:03.996428967 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:03.997251034 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:03.997258902 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:04.394670010 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:04.395023108 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:04.395056009 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:04.395252943 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:04.395263910 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:04.395309925 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:04.395315886 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:04.399272919 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:04.399473906 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:04.399487972 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.248634100 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.248687983 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.248733997 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.248774052 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.248779058 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.248811960 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.248827934 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.248863935 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.249013901 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.249058962 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.249080896 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.249089003 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.249114037 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.249126911 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.374577999 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.374639988 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.374665976 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.374680042 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.374710083 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.374721050 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.375422001 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.375472069 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.375488997 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.375493050 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.375530958 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.375539064 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.375637054 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:05.375683069 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.377083063 CEST49743443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:05.377105951 CEST4434974340.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:31.555051088 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:31.555080891 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:31.555109978 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:31.555116892 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:31.556407928 CEST49752443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:31.556456089 CEST4434975240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:31.556526899 CEST49752443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:31.556934118 CEST49752443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:31.556950092 CEST4434975240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:31.978769064 CEST4434975240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:31.979175091 CEST49752443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:31.979193926 CEST4434975240.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.719273090 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.719302893 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.719341993 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.719386101 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:32.719403028 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.719436884 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:32.719439983 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.719471931 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:32.719499111 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:32.849086046 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.849108934 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.849154949 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.849205971 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.849220037 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:32.849235058 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.849261999 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:32.849298954 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:32.849319935 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:32.940500975 CEST49744443192.168.2.640.126.29.8
                                            Apr 2, 2025 13:36:32.940531015 CEST4434974440.126.29.8192.168.2.6
                                            Apr 2, 2025 13:36:33.799535990 CEST49758443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:36:33.799570084 CEST44349758142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:36:33.799669027 CEST49758443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:36:33.800182104 CEST49758443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:36:33.800194025 CEST44349758142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:36:33.990487099 CEST44349758142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:36:33.990842104 CEST49758443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:36:33.990870953 CEST44349758142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:36:38.286678076 CEST443496812.23.227.215192.168.2.6
                                            Apr 2, 2025 13:36:38.286709070 CEST443496812.23.227.215192.168.2.6
                                            Apr 2, 2025 13:36:38.287127972 CEST49681443192.168.2.62.23.227.215
                                            Apr 2, 2025 13:36:43.983731031 CEST44349758142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:36:43.983875990 CEST44349758142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:36:43.984013081 CEST49758443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:36:45.254822969 CEST49758443192.168.2.6142.251.40.132
                                            Apr 2, 2025 13:36:45.254846096 CEST44349758142.251.40.132192.168.2.6
                                            Apr 2, 2025 13:36:45.257853031 CEST49762443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:36:45.257951975 CEST4434976223.55.235.240192.168.2.6
                                            Apr 2, 2025 13:36:45.258053064 CEST49762443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:36:45.260513067 CEST49762443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:36:45.260551929 CEST4434976223.55.235.240192.168.2.6
                                            Apr 2, 2025 13:36:45.454905033 CEST4434976223.55.235.240192.168.2.6
                                            Apr 2, 2025 13:36:45.468575001 CEST49762443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:36:45.468610048 CEST4434976223.55.235.240192.168.2.6
                                            Apr 2, 2025 13:36:45.471688032 CEST49762443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:36:45.471704006 CEST4434976223.55.235.240192.168.2.6
                                            Apr 2, 2025 13:36:45.633152962 CEST4434976223.55.235.240192.168.2.6
                                            Apr 2, 2025 13:36:45.633313894 CEST4434976223.55.235.240192.168.2.6
                                            Apr 2, 2025 13:36:45.633507967 CEST49762443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:36:45.633507967 CEST49762443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:36:45.633567095 CEST4434976223.55.235.240192.168.2.6
                                            Apr 2, 2025 13:36:45.633634090 CEST49762443192.168.2.623.55.235.240
                                            Apr 2, 2025 13:36:45.735923052 CEST49763443192.168.2.623.44.201.172
                                            Apr 2, 2025 13:36:45.736011982 CEST4434976323.44.201.172192.168.2.6
                                            Apr 2, 2025 13:36:45.736093998 CEST49763443192.168.2.623.44.201.172
                                            Apr 2, 2025 13:36:45.736310005 CEST49763443192.168.2.623.44.201.172
                                            Apr 2, 2025 13:36:45.736330032 CEST4434976323.44.201.172192.168.2.6
                                            Apr 2, 2025 13:36:45.934392929 CEST4434976323.44.201.172192.168.2.6
                                            Apr 2, 2025 13:36:45.934762955 CEST49763443192.168.2.623.44.201.172
                                            Apr 2, 2025 13:36:45.934854031 CEST4434976323.44.201.172192.168.2.6
                                            Apr 2, 2025 13:36:45.934911013 CEST49763443192.168.2.623.44.201.172
                                            Apr 2, 2025 13:36:45.934923887 CEST4434976323.44.201.172192.168.2.6
                                            Apr 2, 2025 13:36:48.850400925 CEST4434976323.44.201.172192.168.2.6
                                            Apr 2, 2025 13:36:48.850558996 CEST4434976323.44.201.172192.168.2.6
                                            Apr 2, 2025 13:36:48.850838900 CEST49763443192.168.2.623.44.201.172
                                            Apr 2, 2025 13:36:48.850838900 CEST49763443192.168.2.623.44.201.172
                                            Apr 2, 2025 13:36:48.850838900 CEST49763443192.168.2.623.44.201.172
                                            TimestampSource PortDest PortSource IPDest IP
                                            Apr 2, 2025 13:35:29.329900980 CEST53585701.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:29.353604078 CEST53528721.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:30.129172087 CEST53492011.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:30.280087948 CEST53504641.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:33.729064941 CEST5703353192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:33.729271889 CEST5601753192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:33.826679945 CEST53570331.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:33.827092886 CEST53560171.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:34.429797888 CEST5959453192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:34.430320978 CEST5014253192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:34.526916981 CEST53595941.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:34.527065992 CEST53501421.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:45.235496044 CEST6390353192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:45.236160994 CEST5317653192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:45.341932058 CEST53531761.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:45.341985941 CEST53639031.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:45.655152082 CEST5671053192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:45.655510902 CEST5209653192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:45.754146099 CEST53567101.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:45.754549980 CEST53520961.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:47.359076977 CEST53625171.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:48.774868011 CEST5360953192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:48.775314093 CEST6064053192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:48.873977900 CEST53536091.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:48.873995066 CEST53606401.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:48.878576994 CEST6230053192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:48.878818989 CEST6397153192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:48.976975918 CEST53623001.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:48.977025032 CEST53639711.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:50.009943962 CEST4984853192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:50.010555029 CEST5044053192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:50.142107010 CEST53498481.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:50.150129080 CEST53504401.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:50.661539078 CEST53505151.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:50.823906898 CEST5592353192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:50.824067116 CEST5886253192.168.2.61.1.1.1
                                            Apr 2, 2025 13:35:50.922061920 CEST53588621.1.1.1192.168.2.6
                                            Apr 2, 2025 13:35:50.933449984 CEST53559231.1.1.1192.168.2.6
                                            Apr 2, 2025 13:36:06.461461067 CEST53596381.1.1.1192.168.2.6
                                            Apr 2, 2025 13:36:18.362060070 CEST5390153192.168.2.61.1.1.1
                                            Apr 2, 2025 13:36:18.362308979 CEST6529453192.168.2.61.1.1.1
                                            Apr 2, 2025 13:36:18.472023964 CEST53652941.1.1.1192.168.2.6
                                            Apr 2, 2025 13:36:18.503065109 CEST53539011.1.1.1192.168.2.6
                                            Apr 2, 2025 13:36:25.517236948 CEST138138192.168.2.6192.168.2.255
                                            Apr 2, 2025 13:36:29.144710064 CEST53586181.1.1.1192.168.2.6
                                            Apr 2, 2025 13:36:29.530869961 CEST53528821.1.1.1192.168.2.6
                                            Apr 2, 2025 13:36:32.130736113 CEST53578151.1.1.1192.168.2.6
                                            Apr 2, 2025 13:36:45.634196043 CEST6421353192.168.2.61.1.1.1
                                            Apr 2, 2025 13:36:45.634387970 CEST5410153192.168.2.61.1.1.1
                                            Apr 2, 2025 13:36:45.735095024 CEST53642131.1.1.1192.168.2.6
                                            Apr 2, 2025 13:36:45.735111952 CEST53541011.1.1.1192.168.2.6
                                            TimestampSource IPDest IPChecksumCodeType
                                            Apr 2, 2025 13:35:43.854626894 CEST192.168.2.61.1.1.1c2de(Port unreachable)Destination Unreachable
                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Apr 2, 2025 13:35:33.729064941 CEST192.168.2.61.1.1.10x4d2bStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:33.729271889 CEST192.168.2.61.1.1.10x60beStandard query (0)www.google.com65IN (0x0001)false
                                            Apr 2, 2025 13:35:34.429797888 CEST192.168.2.61.1.1.10xe0dfStandard query (0)login.microsoftonline.comA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.430320978 CEST192.168.2.61.1.1.10x8d2fStandard query (0)login.microsoftonline.com65IN (0x0001)false
                                            Apr 2, 2025 13:35:45.235496044 CEST192.168.2.61.1.1.10x8cd2Standard query (0)identity.nel.measure.office.netA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.236160994 CEST192.168.2.61.1.1.10x3617Standard query (0)identity.nel.measure.office.net65IN (0x0001)false
                                            Apr 2, 2025 13:35:45.655152082 CEST192.168.2.61.1.1.10x575Standard query (0)aadcdn.msftauth.netA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.655510902 CEST192.168.2.61.1.1.10x7aa0Standard query (0)aadcdn.msftauth.net65IN (0x0001)false
                                            Apr 2, 2025 13:35:48.774868011 CEST192.168.2.61.1.1.10x37dStandard query (0)aadcdn.msauthimages.netA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.775314093 CEST192.168.2.61.1.1.10x28d7Standard query (0)aadcdn.msauthimages.net65IN (0x0001)false
                                            Apr 2, 2025 13:35:48.878576994 CEST192.168.2.61.1.1.10x5343Standard query (0)autologon.microsoftazuread-sso.comA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.878818989 CEST192.168.2.61.1.1.10x5dc1Standard query (0)autologon.microsoftazuread-sso.com65IN (0x0001)false
                                            Apr 2, 2025 13:35:50.009943962 CEST192.168.2.61.1.1.10xeeStandard query (0)aadcdn.msauthimages.netA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.010555029 CEST192.168.2.61.1.1.10x2dbfStandard query (0)aadcdn.msauthimages.net65IN (0x0001)false
                                            Apr 2, 2025 13:35:50.823906898 CEST192.168.2.61.1.1.10x1accStandard query (0)login.microsoftonline.comA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.824067116 CEST192.168.2.61.1.1.10xc94eStandard query (0)login.microsoftonline.com65IN (0x0001)false
                                            Apr 2, 2025 13:36:18.362060070 CEST192.168.2.61.1.1.10xe1a5Standard query (0)passwordreset.microsoftonline.comA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.362308979 CEST192.168.2.61.1.1.10xc655Standard query (0)passwordreset.microsoftonline.com65IN (0x0001)false
                                            Apr 2, 2025 13:36:45.634196043 CEST192.168.2.61.1.1.10x476aStandard query (0)identity.nel.measure.office.netA (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:45.634387970 CEST192.168.2.61.1.1.10x325dStandard query (0)identity.nel.measure.office.net65IN (0x0001)false
                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Apr 2, 2025 13:35:33.826679945 CEST1.1.1.1192.168.2.60x4d2bNo error (0)www.google.com142.251.40.132A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:33.827092886 CEST1.1.1.1192.168.2.60x60beNo error (0)www.google.com65IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.29.8A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.157.4A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.29.9A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.29.5A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.29.14A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.29.13A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.157.14A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.526916981 CEST1.1.1.1192.168.2.60xe0dfNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.29.15A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.527065992 CEST1.1.1.1192.168.2.60x8d2fNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.527065992 CEST1.1.1.1192.168.2.60x8d2fNo error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:34.527065992 CEST1.1.1.1192.168.2.60x8d2fNo error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.389075041 CEST1.1.1.1192.168.2.60x7c36No error (0)na.privatelink.msidentity.comprdf.aadg.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.389075041 CEST1.1.1.1192.168.2.60x7c36No error (0)prdf.aadg.msidentity.comwww.tm.f.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.428852081 CEST1.1.1.1192.168.2.60xe248No error (0)na.privatelink.msidentity.comprdf.aadg.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.428852081 CEST1.1.1.1192.168.2.60xe248No error (0)prdf.aadg.msidentity.comwww.tm.f.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.428852081 CEST1.1.1.1192.168.2.60xe248No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.144A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.428852081 CEST1.1.1.1192.168.2.60xe248No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.23A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.428852081 CEST1.1.1.1192.168.2.60xe248No error (0)www.tm.f.prd.aadg.trafficmanager.net40.126.24.145A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.428852081 CEST1.1.1.1192.168.2.60xe248No error (0)www.tm.f.prd.aadg.trafficmanager.net40.126.24.16A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:35.428852081 CEST1.1.1.1192.168.2.60xe248No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.80A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:43.809607029 CEST1.1.1.1192.168.2.60x6ca2No error (0)shed.dual-low.s-part-0012.t-0009.t-msedge.nets-part-0012.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:43.809607029 CEST1.1.1.1192.168.2.60x6ca2No error (0)s-part-0012.t-0009.t-msedge.net13.107.246.40A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.341932058 CEST1.1.1.1192.168.2.60x3617No error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.341932058 CEST1.1.1.1192.168.2.60x3617No error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.341985941 CEST1.1.1.1192.168.2.60x8cd2No error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.341985941 CEST1.1.1.1192.168.2.60x8cd2No error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.341985941 CEST1.1.1.1192.168.2.60x8cd2No error (0)a1894.dscb.akamai.net23.55.235.240A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.341985941 CEST1.1.1.1192.168.2.60x8cd2No error (0)a1894.dscb.akamai.net23.55.235.168A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.754146099 CEST1.1.1.1192.168.2.60x575No error (0)aadcdn.msftauth.netwww.tm.aadcdn.msftauth.akadns.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.754146099 CEST1.1.1.1192.168.2.60x575No error (0)www.tm.aadcdn.msftauth.akadns.netaadcdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.754146099 CEST1.1.1.1192.168.2.60x575No error (0)aadcdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.754146099 CEST1.1.1.1192.168.2.60x575No error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.754146099 CEST1.1.1.1192.168.2.60x575No error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.754549980 CEST1.1.1.1192.168.2.60x7aa0No error (0)aadcdn.msftauth.netwww.tm.aadcdn.msftauth.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.754549980 CEST1.1.1.1192.168.2.60x7aa0No error (0)www.tm.aadcdn.msftauth.trafficmanager.netaadcdn.msftauth.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:45.754549980 CEST1.1.1.1192.168.2.60x7aa0No error (0)aadcdn.msftauth.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.293767929 CEST1.1.1.1192.168.2.60x9cd9No error (0)shed.dual-low.s-part-0012.t-0009.t-msedge.nets-part-0012.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.293767929 CEST1.1.1.1192.168.2.60x9cd9No error (0)s-part-0012.t-0009.t-msedge.net13.107.246.40A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.873977900 CEST1.1.1.1192.168.2.60x37dNo error (0)aadcdn.msauthimages.netwww.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.873977900 CEST1.1.1.1192.168.2.60x37dNo error (0)www.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netaadmsodsxstore01prod.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.873977900 CEST1.1.1.1192.168.2.60x37dNo error (0)aadmsodsxstore01prod.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.873977900 CEST1.1.1.1192.168.2.60x37dNo error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.873977900 CEST1.1.1.1192.168.2.60x37dNo error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.873995066 CEST1.1.1.1192.168.2.60x28d7No error (0)aadcdn.msauthimages.netwww.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.873995066 CEST1.1.1.1192.168.2.60x28d7No error (0)www.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netaadmsodsxstore01prod.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.873995066 CEST1.1.1.1192.168.2.60x28d7No error (0)aadmsodsxstore01prod.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.976975918 CEST1.1.1.1192.168.2.60x5343No error (0)autologon.microsoftazuread-sso.com40.126.24.147A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.976975918 CEST1.1.1.1192.168.2.60x5343No error (0)autologon.microsoftazuread-sso.com20.190.152.21A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.976975918 CEST1.1.1.1192.168.2.60x5343No error (0)autologon.microsoftazuread-sso.com40.126.24.81A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.976975918 CEST1.1.1.1192.168.2.60x5343No error (0)autologon.microsoftazuread-sso.com20.190.152.19A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.976975918 CEST1.1.1.1192.168.2.60x5343No error (0)autologon.microsoftazuread-sso.com40.126.24.83A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.976975918 CEST1.1.1.1192.168.2.60x5343No error (0)autologon.microsoftazuread-sso.com40.126.24.84A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.976975918 CEST1.1.1.1192.168.2.60x5343No error (0)autologon.microsoftazuread-sso.com40.126.24.146A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:48.976975918 CEST1.1.1.1192.168.2.60x5343No error (0)autologon.microsoftazuread-sso.com20.190.152.22A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.142107010 CEST1.1.1.1192.168.2.60xeeNo error (0)aadcdn.msauthimages.netwww.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.142107010 CEST1.1.1.1192.168.2.60xeeNo error (0)www.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netaadmsodsxstore01prod.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.142107010 CEST1.1.1.1192.168.2.60xeeNo error (0)aadmsodsxstore01prod.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.142107010 CEST1.1.1.1192.168.2.60xeeNo error (0)e329293.dscd.akamaiedge.net23.209.72.9A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.142107010 CEST1.1.1.1192.168.2.60xeeNo error (0)e329293.dscd.akamaiedge.net23.209.72.31A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.150129080 CEST1.1.1.1192.168.2.60x2dbfNo error (0)aadcdn.msauthimages.netwww.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.150129080 CEST1.1.1.1192.168.2.60x2dbfNo error (0)www.tm.aadmsodsxstore01prod.msauthimages.trafficmanager.netaadmsodsxstore01prod.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.150129080 CEST1.1.1.1192.168.2.60x2dbfNo error (0)aadmsodsxstore01prod.edgekey.nete329293.dscd.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.922061920 CEST1.1.1.1192.168.2.60xc94eNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.922061920 CEST1.1.1.1192.168.2.60xc94eNo error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.922061920 CEST1.1.1.1192.168.2.60xc94eNo error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)login.microsoftonline.comlogin.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)login.mso.msidentity.comak.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)ak.privatelink.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.144.137A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.144.136A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.148.167A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.16.163A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.144.161A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.16.164A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)www.tm.a.prd.aadg.trafficmanager.net20.190.148.166A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:35:50.933449984 CEST1.1.1.1192.168.2.60x1accNo error (0)www.tm.a.prd.aadg.trafficmanager.net40.126.16.165A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.472023964 CEST1.1.1.1192.168.2.60xc655No error (0)passwordreset.microsoftonline.compasswordreset.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.472023964 CEST1.1.1.1192.168.2.60xc655No error (0)passwordreset.mso.msidentity.comna.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.472023964 CEST1.1.1.1192.168.2.60xc655No error (0)na.privatelink.msidentity.comprdf.aadg.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.472023964 CEST1.1.1.1192.168.2.60xc655No error (0)prdf.aadg.msidentity.comwww.tm.f.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)passwordreset.microsoftonline.compasswordreset.mso.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)passwordreset.mso.msidentity.comna.privatelink.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)na.privatelink.msidentity.comprdf.aadg.msidentity.comCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)prdf.aadg.msidentity.comwww.tm.f.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.23A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.144A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)www.tm.f.prd.aadg.trafficmanager.net40.126.24.16A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)www.tm.f.prd.aadg.trafficmanager.net40.126.24.145A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:18.503065109 CEST1.1.1.1192.168.2.60xe1a5No error (0)www.tm.f.prd.aadg.trafficmanager.net20.190.152.80A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:45.735095024 CEST1.1.1.1192.168.2.60x476aNo error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:45.735095024 CEST1.1.1.1192.168.2.60x476aNo error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:45.735095024 CEST1.1.1.1192.168.2.60x476aNo error (0)a1894.dscb.akamai.net23.44.201.172A (IP address)IN (0x0001)false
                                            Apr 2, 2025 13:36:45.735111952 CEST1.1.1.1192.168.2.60x325dNo error (0)identity.nel.measure.office.netnel.measure.office.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                            Apr 2, 2025 13:36:45.735111952 CEST1.1.1.1192.168.2.60x325dNo error (0)nel.measure.office.net.edgesuite.neta1894.dscb.akamai.netCNAME (Canonical name)IN (0x0001)false
                                            • login.microsoftonline.com
                                              • aadcdn.msauthimages.net
                                              • autologon.microsoftazuread-sso.com
                                            • identity.nel.measure.office.net
                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.64969840.126.29.84431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:34 UTC904OUTGET /redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0 HTTP/1.1
                                            Host: login.microsoftonline.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:35 UTC2221INHTTP/1.1 302 Found
                                            Cache-Control: no-store, no-cache
                                            Pragma: no-cache
                                            Content-Type: text/html; charset=utf-8
                                            Expires: -1
                                            Location: https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&ticket=lLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%253d&ver=2.0#
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            X-Content-Type-Options: nosniff
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            x-ms-request-id: 22a45a83-950b-40c5-9a75-61c306a46300
                                            x-ms-ests-server: 2.1.20393.4 - NCUS ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            x-ms-srs: 1.P
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-cLetfdTSWb9CszrjgR53wQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            Set-Cookie: rrc=1; expires=Wed, 02-Apr-2025 11:45:35 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: fpc=Avy6ytys1FBNgMyfsW4Njf4; expires=Fri, 02-May-2025 11:35:35 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEWt4v5VTK4zsyVGxpXB9w7sOINxJ0Qbwr0sm2Spz4o6XmSdaTjtgKVBUSKLIbweooEF2ET2B42YScz5pmIBmaVRtMxPW1ZNhQbgOiDMcE1gsWnJjgXUXEupfRIbzeB3ocaSAiStzy9tA12ZCMDVs6SkRULvrPAwsnY6WQO1P_X64gAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
                                            Date: Wed, 02 Apr 2025 11:35:34 GMT
                                            Connection: close
                                            Content-Length: 321
                                            2025-04-02 11:35:35 UTC321INData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 6e 76 69 74 61 74 69 6f 6e 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 72 65 64 65 65 6d 2f 3f 74 65 6e 61 6e 74 3d 39 39 64 32 30 64 32 64 2d 38 39 32 33 2d 34 35 64 38 2d 62 39 61 64 2d 35 30 33 38 63 39 37 35 38 32 65 33 26 61 6d 70 3b 75 73 65 72 3d 31 65 31 61 61 64 61 63 2d 66 65 34 38 2d 34 33 63 63 2d 38 30 32 32 2d 65 32 66 39 62 62 64 39 32 65 33 33 26 61 6d 70 3b 74 69 63 6b 65 74 3d 6c 4c 56 6a 31 6c 4b 54 78 43 44 47 74 31 63 71 6b 43 51 58 79 74 69 4d 71 77 34 77 76
                                            Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://invitations.microsoft.com/redeem/?tenant=99d20d2d-8923-45d8-b9ad-5038c97582e3&amp;user=1e1aadac-fe48-43cc-8022-e2f9bbd92e33&amp;ticket=lLVj1lKTxCDGt1cqkCQXytiMqw4wv


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            1192.168.2.64969740.126.29.84431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:43 UTC2345OUTGET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1L1l4zARcWfNPPW9Ju-W1F67eu2meB [TRUNCATED]
                                            Host: login.microsoftonline.com
                                            Connection: keep-alive
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: rrc=1; fpc=Avy6ytys1FBNgMyfsW4Njf4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEWt4v5VTK4zsyVGxpXB9w7sOINxJ0Qbwr0sm2Spz4o6XmSdaTjtgKVBUSKLIbweooEF2ET2B42YScz5pmIBmaVRtMxPW1ZNhQbgOiDMcE1gsWnJjgXUXEupfRIbzeB3ocaSAiStzy9tA12ZCMDVs6SkRULvrPAwsnY6WQO1P_X64gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
                                            2025-04-02 11:35:43 UTC1858INHTTP/1.1 200 OK
                                            Cache-Control: no-store, no-cache
                                            Pragma: no-cache
                                            Content-Type: text/html; charset=utf-8
                                            Expires: -1
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            X-Content-Type-Options: nosniff
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            x-ms-request-id: dac30e4d-b780-4cbe-90be-a0a1ce000e00
                                            x-ms-ests-server: 2.1.20465.4 - WEULR1 ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            x-ms-clitelem: 1,50168,0,,
                                            x-ms-srs: 1.P
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-UJDw2Fx_trWSKn2wqunafQ' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            Set-Cookie: esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: fpc=Avy6ytys1FBNgMyfsW4Njf4; expires=Fri, 02-May-2025 11:35:43 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Date: Wed, 02 Apr 2025 11:35:42 GMT
                                            Connection: close
                                            Content-Length: 22051
                                            2025-04-02 11:35:43 UTC14526INData Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e
                                            Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head> <title>Redirecting</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" conten
                                            2025-04-02 11:35:43 UTC7525INData Raw: 69 6f 6e 28 65 2c 72 29 7b 68 28 30 2c 65 2c 72 29 7d 7d 76 61 72 20 64 2c 6c 2c 66 3d 77 69 6e 64 6f 77 2c 67 3d 66 2e 64 6f 63 75 6d 65 6e 74 2c 76 3d 22 2e 63 73 73 22 3b 63 2e 4f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 20 74 61 72 67 65 74 20 65 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69 64 65 64 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 6e 75 6c 6c 2e 22 7d 72 3f 63 2e 4f 6e 45 72 72 6f 72 28 65 2c 74 29 3a 63 2e 4f 6e 53 75 63 63 65 73 73 28 65 2c 74 29 7d 2c 63 2e 4f 6e 53 75 63 63 65 73 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 21 65 29 7b 74 68 72 6f 77 22 54 68 65 20 74 61 72 67 65 74 20 65 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 70 72 6f 76 69
                                            Data Ascii: ion(e,r){h(0,e,r)}}var d,l,f=window,g=f.document,v=".css";c.On=function(e,r,t){if(!e){throw"The target element must be provided and cannot be null."}r?c.OnError(e,t):c.OnSuccess(e,t)},c.OnSuccess=function(e,t){if(!e){throw"The target element must be provi


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            2192.168.2.64971040.126.29.84431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:44 UTC3998OUTGET /99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnneoUa7NRG1L1l4zARcWfNPPW9Ju-W1F67eu2meB [TRUNCATED]
                                            Host: login.microsoftonline.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-Dest: document
                                            Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnn [TRUNCATED]
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: rrc=1; fpc=Avy6ytys1FBNgMyfsW4Njf4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEWt4v5VTK4zsyVGxpXB9w7sOINxJ0Qbwr0sm2Spz4o6XmSdaTjtgKVBUSKLIbweooEF2ET2B42YScz5pmIBmaVRtMxPW1ZNhQbgOiDMcE1gsWnJjgXUXEupfRIbzeB3ocaSAiStzy9tA12ZCMDVs6SkRULvrPAwsnY6WQO1P_X64gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                                            2025-04-02 11:35:45 UTC2685INHTTP/1.1 200 OK
                                            Cache-Control: no-store, no-cache
                                            Pragma: no-cache
                                            Content-Type: text/html; charset=utf-8
                                            Expires: -1
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            X-Content-Type-Options: nosniff
                                            X-Frame-Options: DENY
                                            Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
                                            X-DNS-Prefetch-Control: on
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            x-ms-request-id: 6246fe56-ba23-40c6-8c58-2d9e07852f00
                                            x-ms-ests-server: 2.1.20393.4 - NEULR1 ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            x-ms-clitelem: 1,0,0,,
                                            x-ms-srs: 1.P
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-1rjhpCgs0VOIeqBAd1GrfA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEmuY0-5vC_w9NR26clYF285o0trVd9MZRivWolmxHNEgRkpMQruYc3ltzKbQTQOVpyoAXPXCp-L7LMNPgosY0cYfTTAd_83wAot20S-PvfQ4gAA; expires=Fri, 02-May-2025 11:35:45 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFukXBz3aL2OxwaoHK9Chwu5eYJjZvNFHET7QU5RRhihgDXsrASeWhIuYM6IvVcqiwyQtQ7MTt0vs5J_g4CiwZpwlZEO5BEQfXhoaIn-acwd2TcJY7SlIf2jR5nHFnEM0S1RD3Qp3oyfIdgtN_4V6dYPnqn3xO-b1CG5QKH3vdpsgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: esctx-2F38yk4vijY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE0msXXB5pQEyiomrTegvgRcZiCJUR1BMJBrXM5CTZDSvImy3KOsr6CIFRbX9Wx3wW6uLduUTvbPDdttPaK9PjF1ODOLWubSIv3afiyUmTpKogLU2VCmbpBm2depGCM3uHqHFfNF0BwmQWIo7zekKX_CAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAA; expires=Fri, 02-May-2025 11:35:45 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Date: Wed, 02 Apr 2025 11:35:44 GMT
                                            Connection: close
                                            Content-Length: 57729
                                            2025-04-02 11:35:45 UTC13699INData Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20
                                            Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                                            2025-04-02 11:35:45 UTC16384INData Raw: 54 6d 4e 31 4d 77 57 51 5a 4b 44 35 43 61 77 38 38 66 69 57 33 73 33 45 49 4a 77 54 4d 5a 32 49 64 4c 7a 4c 41 69 33 61 41 72 61 68 66 41 67 47 48 46 4e 30 30 5a 4a 79 37 53 73 65 33 74 58 70 57 5a 5a 2d 4f 6a 6a 41 62 4a 67 36 7a 37 59 75 2d 53 42 4c 44 5a 53 6b 42 63 66 37 58 39 7a 4b 4b 56 75 49 6a 67 74 6b 43 53 75 58 54 51 65 79 39 79 6b 43 4f 77 5f 41 38 6f 5a 53 4e 32 73 43 4e 7a 38 54 49 75 35 42 4e 66 6e 68 47 45 37 2d 57 5a 67 54 36 45 78 42 69 6b 32 31 78 56 46 6c 67 79 55 38 62 53 49 57 73 6f 51 6c 39 42 53 64 38 4a 78 78 50 62 37 61 64 50 6e 6d 79 45 69 4d 61 72 58 57 62 4b 6c 6e 74 76 6a 49 4a 57 61 53 4a 66 6a 32 75 53 43 6b 36 49 65 43 78 79 63 51 53 63 38 4e 32 67 37 4d 34 6a 4a 53 58 4d 61 43 72 54 68 59 79 48 49 4e 69 32 48 73 76 6f 6c
                                            Data Ascii: TmN1MwWQZKD5Caw88fiW3s3EIJwTMZ2IdLzLAi3aArahfAgGHFN00ZJy7Sse3tXpWZZ-OjjAbJg6z7Yu-SBLDZSkBcf7X9zKKVuIjgtkCSuXTQey9ykCOw_A8oZSN2sCNz8TIu5BNfnhGE7-WZgT6ExBik21xVFlgyU8bSIWsoQl9BSd8JxxPb7adPnmyEiMarXWbKlntvjIJWaSJfj2uSCk6IeCxycQSc8N2g7M4jJSXMaCrThYyHINi2Hsvol
                                            2025-04-02 11:35:45 UTC16384INData Raw: 4c 44 4c 55 46 4b 56 69 4d 4e 4d 73 33 64 4f 66 6c 6c 65 62 7a 2d 43 46 78 52 71 56 54 50 74 54 69 5f 49 49 34 31 75 6a 70 30 35 65 73 2d 4f 50 4c 71 32 30 59 6e 48 65 48 75 4e 35 54 51 67 4e 4e 61 37 33 55 7a 5a 65 48 52 42 6b 61 32 58 61 47 31 58 43 33 69 6c 4b 51 64 55 4d 74 72 4e 50 58 35 65 44 63 59 4b 64 59 56 58 4d 32 4a 79 2d 44 51 6a 76 38 62 47 78 48 69 70 6e 75 79 62 71 58 63 74 6c 64 32 38 6d 65 36 76 49 74 75 66 54 77 56 4a 38 4a 31 78 38 43 35 56 4f 42 71 4b 5a 6d 67 78 74 45 4b 6a 5a 64 4b 77 53 41 77 58 64 39 6f 61 38 39 49 6f 49 4c 54 6d 41 33 79 6b 38 65 46 6e 4f 63 39 31 76 57 59 4e 48 46 44 61 5f 5f 53 77 4f 69 69 35 79 50 65 4e 69 39 37 55 43 75 4f 30 52 58 5a 4a 66 65 52 57 55 34 6c 31 6e 79 71 63 7a 77 49 74 49 45 6c 6c 2d 64 38 6a
                                            Data Ascii: LDLUFKViMNMs3dOfllebz-CFxRqVTPtTi_II41ujp05es-OPLq20YnHeHuN5TQgNNa73UzZeHRBka2XaG1XC3ilKQdUMtrNPX5eDcYKdYVXM2Jy-DQjv8bGxHipnuybqXctld28me6vItufTwVJ8J1x8C5VOBqKZmgxtEKjZdKwSAwXd9oa89IoILTmA3yk8eFnOc91vWYNHFDa__SwOii5yPeNi97UCuO0RXZJfeRWU4l1nyqczwItIEll-d8j
                                            2025-04-02 11:35:45 UTC11262INData Raw: 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 26 26 28 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 63 72 6f 73 73 6f 72 69 67 69 6e 22 2c 22 61 6e 6f 6e 79 6d 6f 75 73 22 29 2c 74 26 26 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 6e 74 65 67 72 69 74 79 22 2c 74 29 29 2c 75 7d 66 75 6e 63 74 69 6f 6e 20 69 28 65 29 7b 76 61 72 20 72 3d 67 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 6e 6b 22 29 3b 72 65 74 75 72 6e 20 72 2e 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 2c 72 2e 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2c 72 2e 68 72 65 66 3d 65 2c 72 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 29 7b 0a 76 61 72 20 72 3d 67
                                            Data Ascii: "function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("integrity",t)),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){var r=g


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            3192.168.2.64971140.126.29.84431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:44 UTC2529OUTGET /favicon.ico HTTP/1.1
                                            Host: login.microsoftonline.com
                                            Connection: keep-alive
                                            sec-ch-ua-platform: "Windows"
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnn [TRUNCATED]
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: rrc=1; fpc=Avy6ytys1FBNgMyfsW4Njf4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEWt4v5VTK4zsyVGxpXB9w7sOINxJ0Qbwr0sm2Spz4o6XmSdaTjtgKVBUSKLIbweooEF2ET2B42YScz5pmIBmaVRtMxPW1ZNhQbgOiDMcE1gsWnJjgXUXEupfRIbzeB3ocaSAiStzy9tA12ZCMDVs6SkRULvrPAwsnY6WQO1P_X64gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                                            2025-04-02 11:35:45 UTC1336INHTTP/1.1 404 Not Found
                                            Cache-Control: private
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            X-Content-Type-Options: nosniff
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            x-ms-request-id: 055d9134-fbe3-4dcd-a670-337c76724c00
                                            x-ms-ests-server: 2.1.20393.4 - SCUS ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            x-ms-srs: 1.P
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-yOJ0f_QCpj8Z9PszkUUR1w' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            Date: Wed, 02 Apr 2025 11:35:45 GMT
                                            Connection: close
                                            Content-Length: 0


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            4192.168.2.64971423.55.235.2404431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:45 UTC441OUTOPTIONS /api/report?catId=GW+estsfd+san HTTP/1.1
                                            Host: identity.nel.measure.office.net
                                            Connection: keep-alive
                                            Origin: https://login.microsoftonline.com
                                            Access-Control-Request-Method: POST
                                            Access-Control-Request-Headers: content-type
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:45 UTC319INHTTP/1.1 200 OK
                                            Content-Type: text/html
                                            Content-Length: 7
                                            Date: Wed, 02 Apr 2025 11:35:45 GMT
                                            Connection: close
                                            Access-Control-Allow-Headers: content-type
                                            Access-Control-Allow-Credentials: false
                                            Access-Control-Allow-Methods: *
                                            Access-Control-Allow-Methods: GET, OPTIONS, POST
                                            Access-Control-Allow-Origin: *
                                            2025-04-02 11:35:45 UTC7INData Raw: 4f 50 54 49 4f 4e 53
                                            Data Ascii: OPTIONS


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            5192.168.2.64971823.55.235.2404431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:46 UTC417OUTPOST /api/report?catId=GW+estsfd+san HTTP/1.1
                                            Host: identity.nel.measure.office.net
                                            Connection: keep-alive
                                            Content-Length: 1797
                                            Content-Type: application/reports+json
                                            Origin: https://login.microsoftonline.com
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:46 UTC1797OUTData Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 36 35 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 39 39 64 32 30 64 32 64 2d 38 39 32 33 2d 34 35 64 38 2d 62 39 61 64 2d 35 30 33 38 63 39 37 35 38 32 65 33 2f 6f 61 75 74 68 32 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 36 36 30 35 30 34 63 2d 34 35 62 33 2d 34 36 37 34 2d 61 37 30 39 2d 37 31 39 35 31 61 36 62 30 37 36 33 26 72 65 64 69 72 65 63 74 5f 75 72 69
                                            Data Ascii: [{"age":0,"body":{"elapsed_time":656,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri
                                            2025-04-02 11:35:46 UTC399INHTTP/1.1 429 Too Many Requests
                                            Content-Length: 0
                                            x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
                                            Request-Context: appId=cid-v1:c5439fe0-35f1-4a99-812a-3bd3cd696c31
                                            Date: Wed, 02 Apr 2025 11:35:46 GMT
                                            Connection: close
                                            Access-Control-Allow-Credentials: false
                                            Access-Control-Allow-Methods: *
                                            Access-Control-Allow-Methods: GET, OPTIONS, POST
                                            Access-Control-Allow-Origin: *


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            6192.168.2.64972923.209.72.94431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:49 UTC742OUTGET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1
                                            Host: aadcdn.msauthimages.net
                                            Connection: keep-alive
                                            sec-ch-ua-platform: "Windows"
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Sec-Fetch-Storage-Access: active
                                            Referer: https://login.microsoftonline.com/
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:49 UTC715INHTTP/1.1 200 OK
                                            Content-Length: 236176
                                            Content-Type: image/jpeg
                                            Content-MD5: Go8wBlAXNasx1y0vgkhXKg==
                                            Last-Modified: Wed, 06 Sep 2017 14:57:09 GMT
                                            ETag: 0x8D4F5378C9D63D7
                                            x-ms-request-id: 47e18ced-f01e-005e-3db8-68df31000000
                                            x-ms-version: 2009-09-19
                                            x-ms-lease-status: unlocked
                                            x-ms-blob-type: BlockBlob
                                            Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                            Access-Control-Allow-Origin: *
                                            Cache-Control: public, max-age=70230
                                            Date: Wed, 02 Apr 2025 11:35:49 GMT
                                            Connection: close
                                            X-Content-Type-Options: nosniff
                                            Akamai-GRN: 0.8904d217.1743593749.2df6242
                                            2025-04-02 11:35:49 UTC15669INData Raw: ff d8 ff e1 09 50 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e
                                            Data Ascii: Phttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syn
                                            2025-04-02 11:35:49 UTC16384INData Raw: 5d 64 c0 25 03 86 54 09 72 51 4c 72 51 54 74 a8 5d aa 20 10 42 95 cb 80 41 01 12 e8 52 02 20 82 95 01 4a 28 c5 d1 a1 08 c2 94 10 52 10 82 8a 50 1c a8 2a 25 44 a8 04 a5 b9 30 a1 89 55 0b ca 9a c6 2e 0c 4e 60 85 2d 58 26 c0 b2 78 75 92 75 29 ed 6d 97 3a e9 00 41 2a 1d 02 c9 b3 09 2e 32 91 69 6e 29 64 23 37 50 b4 e7 50 04 28 21 12 82 11 12 14 ea a3 45 28 a8 d1 75 8a 55 47 c1 5c c7 83 a6 c5 74 9b 3d b6 47 aa 53 09 29 ed 12 b3 5b 80 84 8c 47 a2 7f a8 ff 00 25 69 e2 15 6c 47 a2 7f aa ff 00 24 57 98 fa 1f 3b 51 d5 aa 1c b4 da 47 17 76 27 d7 a6 71 38 ae 65 e7 a0 1b 98 81 b7 b3 e7 82 87 97 62 eb 73 23 a2 c6 dc ef 89 d9 da 7d 81 35 b7 c7 1e d6 3b cc 2a 9b 15 5b 63 69 7e 7f d2 52 f9 45 b9 8b 84 c0 cc db 9d 82 02 66 20 86 62 e9 b8 98 00 3c 93 b0 08 2a 96 3a ab 6b 30
                                            Data Ascii: ]d%TrQLrQTt] BAR J(RP*%D0U.N`-X&xuu)m:A*.2in)d#7PP(!E(uUG\t=GS)[G%ilG$W;QGv'q8ebs#}5;*[ci~REf b<*:k0
                                            2025-04-02 11:35:49 UTC2571INData Raw: 9b c1 de 65 62 62 3d 3b bb bd a3 cb d9 bc 15 6a 42 da d8 9e c9 bf 0f 2f 77 da 90 40 5b 5c 99 e8 48 fc 47 c8 7c ec 1b 80 59 2d 19 47 68 d9 b6 df 0e e2 01 07 43 95 6b 72 67 a3 23 f1 1d 34 d0 69 bf 8d 92 25 75 3e b9 4f 09 0c eb 9e e4 f1 65 15 5b 1b 1c cb b8 b3 f5 04 ea bd 66 7c ec 49 c6 fa 17 0f 53 f5 b5 3a a6 ac f9 d8 ac e9 29 a8 5d a1 44 14 3b 42 a0 65 5e a1 e0 17 9f c4 7a 47 f7 58 fe f6 1f 9a c7 ec c3 a4 af 43 53 d1 f7 05 e7 f1 02 2b 38 de c6 d1 a9 27 76 d2 7b 04 18 d5 c4 59 55 80 75 9f 1b 64 74 b6 f1 fb c3 86 6c e7 ec bb 2d 95 ce 49 11 55 de ab bc c7 74 9d dd 61 f6 89 55 74 b0 b8 fc 37 10 75 d2 04 0f b7 60 07 da 6b f6 5b e4 bb 56 3d 8d 20 76 80 46 9b db da 20 6e 68 42 ac f2 a7 a1 3c 0a c2 a6 09 ed 96 cf 65 bc c7 e2 bb 06 d6 ad fe 52 f4 47 81 58 94 9a e7
                                            Data Ascii: ebb=;jB/w@[\HG|Y-GhCkrg#4i%u>Oe[f|IS:)]D;Be^zGXCS+8'v{YUudtl-IUtaUt7u`k[V= vF nhB<eRGX
                                            2025-04-02 11:35:49 UTC16384INData Raw: ba de a0 ed 6f f4 aa 78 cb 54 c3 fa c1 6d 96 be 0c 74 cf 05 9f 8c 6e 6c 5d 31 db 53 c8 ad 1c 29 e9 77 2c 8e 56 7b 85 42 dd 1a 66 77 d8 a6 5d 98 f2 bd 85 ab 48 56 6b 1a ec ce 33 d5 b8 10 36 9f 72 c9 e5 3b 56 9d a6 57 72 4b e7 16 ce 0f fd 2a d5 7c 23 f1 55 e1 a3 a2 26 5c 74 17 58 bc b7 38 66 60 c1 e7 41 2b 74 e0 59 53 2d 6a c7 a2 05 9b a0 ef 3e e5 35 69 50 c2 52 34 99 d7 74 76 b8 df 6e e1 e0 16 66 39 f5 9e fa 6c 2f 86 b8 81 6d 83 b3 e3 aa 0d 1a 9c a0 05 46 d0 a0 24 66 6b 49 68 90 01 3e 03 bf b9 57 e5 f6 82 c0 7b 07 99 4e c2 d1 6d 2c ac 60 80 08 ed da 87 97 87 d5 f8 7b d5 d3 3b 4b 34 0a ed 7b 61 db c0 79 2a 94 fa a3 80 56 eb ff 00 0e de ef 25 bc ba 66 76 c6 c0 7a 33 eb 15 68 fd 9d f9 bd ca 9e 08 c5 32 36 e6 2a cc 10 1a e2 0c 17 01 ec 4f 4b ec ba e0 1c 5b 01
                                            Data Ascii: oxTmtnl]1S)w,V{Bfw]HVk36r;VWrK*|#U&\tX8f`A+tYS-j>5iPR4tvnf9l/mF$fkIh>W{Nm,`{;K4{ay*V%fvz3h26*OK[
                                            2025-04-02 11:35:49 UTC12120INData Raw: 2b 86 b5 e2 47 4b 8e c5 e7 1a 6a f2 45 69 6c 16 11 17 d1 c2 66 3b 3d c7 8a 6c d7 0f 59 54 cc 70 1e 49 54 c4 55 6f 7a 1a 15 99 88 a5 ce d3 3d 13 b3 6b 7b 0f cd c2 3a 7e 91 bd fe 4a a2 cd 4d 56 7e 24 65 70 70 e1 e1 75 a3 51 55 ae dc cd 3d 97 5b 9d 31 7b 4e 21 b0 e6 76 b0 0f 04 75 3f 86 3e aa 5b c9 75 1a 4f db 71 f3 e0 99 53 f8 63 ea fb d6 2b 6a 98 1a 40 39 ee d6 d3 07 49 8d 78 fb 93 5d b5 76 0a e1 fe af b9 73 b4 4a 81 e5 6a 62 a6 19 ad 3b c7 91 58 94 30 d9 dd 95 c2 06 77 4c 76 05 e8 31 c2 68 b7 b0 8f 24 aa 43 ea 9d da e5 67 47 b1 60 c4 3c 0d 04 1b 20 c1 e3 33 e2 2b 61 9e 7a 4c 7b cb 3b 5b 3e ef 2e 09 d8 61 15 3b 8a c2 c5 b8 8c 4d 4a 94 8c 54 65 47 c1 ed 07 de b0 d3 d4 6c 54 f1 4c 75 3f f3 34 84 be 9f 5d a3 fe e5 3f b4 de d2 35 6f ee 53 70 75 c6 22 8b 6a 83
                                            Data Ascii: +GKjEilf;=lYTpITUoz=k{:~JMV~$eppuQU=[1{N!vu?>[uOqSc+j@9Ix]vsJjb;X0wLv1h$CgG`< 3+azL{;[>.a;MJTeGlTLu?4]?5oSpu"j
                                            2025-04-02 11:35:49 UTC16384INData Raw: 8e a6 04 8e c3 b7 e7 6a ba f6 07 b6 e0 10 41 99 59 6f a6 ec fc db 7d 2b 65 f4 1c 7e d3 66 f4 ce f8 f2 2d 3b 0a e9 86 5a 63 29 b5 cd 50 14 4d 21 c0 39 a6 41 12 0e f0 54 39 7a 5c 3a 0a 12 a5 42 20 14 29 21 42 0e d1 72 95 08 22 54 28 2b 90 4c ae 94 2b a5 01 4a e9 42 b9 07 4a e5 cb 90 74 a9 42 a5 07 12 8a 50 ae 40 72 ba 50 a9 40 4a 65 42 ed 50 48 32 8e 50 01 08 82 8a 30 53 98 92 d1 2a cb 1b 08 0f 2a 90 0a 21 70 b8 ac a9 65 74 a1 72 85 43 0a eb a1 06 17 4a 02 5d 08 73 2e 2e 94 04 0c 28 26 50 4a 99 40 c6 14 79 a1 27 34 28 2e 50 34 b9 0e 64 b9 51 28 19 99 46 64 b9 5d 2a 86 4c a2 4a 95 32 81 b2 a0 ba 10 02 a0 95 34 a9 25 74 a0 5c 2e a8 68 ba 6b 42 4b 53 8c b4 28 18 4c 2a ee 2a 1c f2 82 50 49 2b a5 04 ae 95 50 72 ba 50 4a e4 07 2b 90 ae 40 48 4a 89 5d 28 89 50 b9
                                            Data Ascii: jAYo}+e~f-;Zc)PM!9AT9z\:B )!Br"T(+L+JBJtBP@rP@JeBPH2P0S**!petrCJ]s..(&PJ@y'4(.P4dQ(Fd]*LJ24%t\.hkBKS(L**PI+PrPJ+@HJ](P
                                            2025-04-02 11:35:49 UTC16384INData Raw: 54 66 48 35 0a 1c eb 5a 4d ac e6 53 99 55 ce 88 54 29 a3 6b 39 97 66 55 f3 92 a7 32 9a 36 b0 1c 8e 52 1a 51 ca ce 9a 95 e6 03 03 9f 87 24 5f 30 56 31 c3 eb 29 7a cc f3 4a d2 a5 0f 58 27 e3 87 d6 52 f5 99 e6 82 39 4c 7d 40 ef f3 56 b1 22 29 3b 81 f2 49 e5 16 17 d2 0d 6e a6 75 30 35 45 5b 13 4e ad 37 f3 44 3b 28 be b0 82 79 3c 46 14 1f c2 ef d4 a3 93 9e d6 54 2c 2e 19 de f7 10 d1 73 11 b7 77 9a a9 c9 98 87 bc ba 94 c3 05 37 10 d0 34 39 9b df b7 69 28 79 3a d8 e0 06 99 9f e4 54 6b 48 c6 d7 7d 2a a7 29 03 6c 80 03 b5 df af 84 27 63 cc d0 11 bf de a2 b6 06 ae 2e bf 40 74 74 cc 6c 35 f6 f7 2b b9 30 fc d7 f9 82 20 13 a9 8d 38 5d 02 39 2d a4 e1 1e 00 92 5f a0 d7 46 a7 60 39 2c d1 78 ac f3 d2 17 ca 36 13 da 9c ca b3 87 73 a8 37 9b 00 80 dc cd 89 ed 84 ac 06 7a c6
                                            Data Ascii: TfH5ZMSUT)k9fU26RQ$_0V1)zJX'R9L}@V");Inu05E[N7D;(y<FT,.sw749i(y:TkH}*)l'c.@ttl5+0 8]9-_F`9,x6s7z
                                            2025-04-02 11:35:49 UTC7952INData Raw: 1d 40 e1 5e a9 04 e8 c8 dc 25 be f8 51 52 ce 93 2a 0d 99 1e ab b6 83 69 52 68 68 89 00 fb 15 aa 2d b3 c4 eb 4d c8 2a 08 60 6e e1 ee 54 66 f2 bd 27 3f 11 47 2c f5 0e 86 24 ca b2 c0 ec 0e 08 9a 42 4b 5c 2d 3a ce b1 bb b1 5b c5 50 6b de c7 9d 5a c1 1d f2 aa 63 da 4e 06 a6 53 04 39 ba 6c b8 41 73 07 5d 95 da 1e c3 2d 3b 54 b6 8e 4a d9 c1 b1 cd e2 56 7f 24 d0 34 79 c7 cd cb 5c e8 3a 5b 6f 1f 72 bb 81 c5 b7 14 d0 ed 08 30 e1 f7 5d 1a 7c ea 14 54 d0 1f e6 c9 fc 4f 43 85 e8 f3 a7 f0 9f 35 6a 9d 20 da a2 a6 a6 6f de ab d1 68 02 a7 6b 5d e6 83 2b 17 4c d5 a1 94 7f e4 a7 fd 4a f0 ac d0 69 b0 9b b8 54 02 4e e2 2d f3 bb b5 04 06 d1 7f 16 7f 52 0a cc f4 2f 8b 0e 73 da 5a 82 dd 5b d4 27 79 72 9f b1 4b 8f f5 28 ad e9 1d c4 a2 fb 14 fd 6f ea 40 ac d1 4c ef 2e f8 2c 8e 5c
                                            Data Ascii: @^%QR*iRhh-M*`nTf'?G,$BK\-:[PkZcNS9lAs]-;TJV$4y\:[or0]|TOC5j ohk]+LJiTN-R/sZ['yrK(o@L.,\
                                            2025-04-02 11:35:49 UTC16384INData Raw: fc 7d c8 2a d8 fe 66 29 6c 73 8f e3 ee 4b ac 40 3d ec 51 57 29 75 87 7a a0 1a d1 5c bd e4 35 81 b9 64 90 2f 33 17 57 a8 c6 61 75 83 8e 73 5b 58 9d b0 a4 1a b5 dc da 98 49 04 65 24 dc 5c 6d 54 db 88 c3 b1 ad a2 d0 e7 18 ca 09 80 2f ed 46 d7 4f 26 07 4f df f3 72 c7 a5 7a 8c be d0 8b a6 b6 3a bb a8 bd ae 66 51 23 52 d0 48 e1 29 fc 93 88 75 76 d5 2f 71 74 06 ea 77 e6 54 b9 50 66 73 44 ec f7 05 6f 91 e8 d4 a4 ca b9 c1 12 1b 12 3d 64 b0 8c 8a f0 d7 b8 0b 1c c5 6a d2 13 c9 ec 9f c7 e6 e4 9f f0 ea b5 5e 5c 04 49 3a db f7 5a 74 f0 47 e8 ed a0 48 04 66 b8 be a4 fc 52 8f 2f cc 93 bf 45 af 8b 64 e1 e2 62 5d f0 56 c6 1b 07 48 e5 aa f1 3f 89 e1 a8 99 88 a3 87 61 75 52 00 cc 60 c1 3a 20 c9 c2 e0 5e 6a b1 cd 04 80 e6 93 02 d6 2b 63 1f 85 75 78 0d 12 2d b9 70 e5 36 3d c1
                                            Data Ascii: }*f)lsK@=QW)uz\5d/3Waus[XIe$\mT/FO&Orz:fQ#RH)uv/qtwTPfsDo=dj^\I:ZtGHfR/Edb]VH?auR`: ^j+cux-p6=
                                            2025-04-02 11:35:49 UTC8048INData Raw: 34 cc 45 e5 66 d5 d2 c6 0a b8 a1 52 a8 74 dd c0 5b bd 68 d5 a8 1f 44 41 da 7d e9 14 70 f4 99 a3 47 7d fc d5 81 61 10 a4 5a cc c3 55 7d 1a 4d 80 60 17 12 03 49 3a a6 62 83 aa d0 76 50 4b 89 26 00 bd e1 69 5f 39 20 44 85 02 b0 60 32 40 e2 40 41 97 86 0e 6b 98 e3 4d fd 17 12 6d bf e0 ad 72 93 4e 21 a5 8c b9 b6 c3 b0 ca 63 f1 74 da d3 f5 8c 9f 5c 24 bb 1b 87 69 f4 80 eb a4 95 4d 07 0b 4a ab 32 b9 c2 40 74 f6 ea 9d 8e a2 ec 53 4b 59 69 03 5f d9 07 f8 96 19 ad 8c c4 f0 61 41 fe 2d 87 07 47 1e e1 f1 40 da c1 d4 46 77 09 1d 9d aa b6 22 b6 66 ba 99 16 92 26 7b 50 62 79 5a 9d 51 01 a4 77 85 49 f8 d6 ba 60 6a 67 55 3a 55 ca 27 9b 66 50 0d 8d ba 5a 71 df ee 56 4e 24 be 93 58 47 54 44 ce ab 23 e9 c4 68 3c d4 1c 73 f6 01 e1 fb ab d2 76 6f d0 5a e1 0e 75 e5 5f c1 b9 b8
                                            Data Ascii: 4EfRt[hDA}pG}aZU}M`I:bvPK&i_9 D`2@@AkMmrN!ct\$iMJ2@tSKYi_aA-G@Fw"f&{PbyZQwI`jgU:U'fPZqVN$XGTD#h<svoZu_


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            7192.168.2.64972823.209.72.94431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:49 UTC740OUTGET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1
                                            Host: aadcdn.msauthimages.net
                                            Connection: keep-alive
                                            sec-ch-ua-platform: "Windows"
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Sec-Fetch-Storage-Access: active
                                            Referer: https://login.microsoftonline.com/
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:49 UTC712INHTTP/1.1 200 OK
                                            Content-Length: 2720
                                            Content-Type: image/png
                                            Content-MD5: uBCiiyn2igygd9MdCBK3bQ==
                                            Last-Modified: Wed, 06 Sep 2017 14:57:03 GMT
                                            ETag: 0x8D4F53788B483DE
                                            x-ms-request-id: 492c764f-601e-0014-5eb8-68ef56000000
                                            x-ms-version: 2009-09-19
                                            x-ms-lease-status: unlocked
                                            x-ms-blob-type: BlockBlob
                                            Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                            Access-Control-Allow-Origin: *
                                            Cache-Control: public, max-age=70063
                                            Date: Wed, 02 Apr 2025 11:35:49 GMT
                                            Connection: close
                                            X-Content-Type-Options: nosniff
                                            Akamai-GRN: 0.8904d217.1743593749.2df6243
                                            2025-04-02 11:35:49 UTC2720INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 19 00 00 00 3c 08 06 00 00 00 52 06 ce 26 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a 52 49 44 41 54 78 da ed 5d 41 a8 1c 59 15 3d 57 83 b8 10 7e 8b cc 42 37 bf 46 64 dc e8 a4 dc e8 42 86 5f 83 b8 50 94 74 b2 13 17 29 57 26 e2 a2 67 25 22 92 0a 82 2b 61 1a 14 06 57 d3 d9 e8 42 30 15 9d c5 ac 26 15 9c 11 45 c1 0e 4a 44 11 ac 16 71 21 38 f6 d7 9d 0b 9f 8b 3e 2f 73 ff b3 aa ab ff ef ee 9f 44 cf 81 a6 7f f5 7b f5 ea be fb ee 3b ef bd 73 2b c4 42 08 10 04 41 d8 17 de 26 17 08 82 20 92 11 04 41 24 23 08 82 20 92 11 04 41 24 23 08 82 48 46 10 04 41 24 23 08 82 48 46 10 04 91 8c 20 08 82 48 46 10 04 91 8c 20 08 22 19 41 10 04 91 8c 20 08 22 19 41 10 04 91 8c 20 08 22 19 41 10 44
                                            Data Ascii: PNGIHDR<R&pHYs~RIDATx]AY=W~B7FdB_Pt)W&g%"+aWB0&EJDq!8>/sD{;s+BA& A$# A$#HFA$#HF HF "A "A "AD


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            8192.168.2.64973140.126.24.1474431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:49 UTC739OUTGET /ocs.com/winauth/ssoprobe?client-request-id=7eb4dd40-68f7-4f13-9148-1bf893d40ef2&_=1743593747980 HTTP/1.1
                                            Host: autologon.microsoftazuread-sso.com
                                            Connection: keep-alive
                                            sec-ch-ua-platform: "Windows"
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Sec-Fetch-Storage-Access: active
                                            Referer: https://login.microsoftonline.com/
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:49 UTC1733INHTTP/1.1 401 Unauthorized
                                            Cache-Control: no-store, no-cache
                                            Pragma: no-cache
                                            Content-Type: image/png; charset=utf-8
                                            Expires: -1
                                            Vary: Origin
                                            X-Content-Type-Options: nosniff
                                            Access-Control-Allow-Origin: https://login.microsoftonline.com
                                            Access-Control-Allow-Credentials: true
                                            Access-Control-Allow-Methods: GET, OPTIONS
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            x-ms-request-id: 57c8a813-ccba-41e1-b081-344b0bb91400
                                            x-ms-ests-server: 2.1.20465.4 - WUS3 ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-MkH26QEb-0mSVikd4m_D7g' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            WWW-Authenticate: Negotiate
                                            Set-Cookie: fpc=AnURGbogGdZPqstTRnY-8KI; expires=Fri, 02-May-2025 11:35:49 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
                                            Date: Wed, 02 Apr 2025 11:35:49 GMT
                                            Connection: close
                                            Content-Length: 12
                                            2025-04-02 11:35:49 UTC12INData Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64
                                            Data Ascii: Unauthorized


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            9192.168.2.64973240.126.29.84431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:50 UTC3539OUTPOST /common/instrumentation/dssostatus HTTP/1.1
                                            Host: login.microsoftonline.com
                                            Connection: keep-alive
                                            Content-Length: 67
                                            sec-ch-ua-platform: "Windows"
                                            hpgid: 1104
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            hpgact: 1800
                                            canary: PAQABDgEAAABVrSpeuWamRam2jAF1XRQEp-RAM2UYkHlpR2JaABsZGvc1WU9NOwdq9mR_BXZWeRptm4EJU1eIAXFzyu1nKA5Rl1oVHH6zIb4VfY4jdIwmYtB-_aYXjp9uHqgTo1Z6dUC3snNEV8MOI7gsPILdxOTL1FtabADul-Rf1tnH33hV1cBPTo6Gzfh2wcP3IZTNHE7w5Y2nX_Qw-r0CX6PvICyCURWCQiGw9Fc2q4qKJK5MJyAA
                                            sec-ch-ua-mobile: ?0
                                            client-request-id: 7eb4dd40-68f7-4f13-9148-1bf893d40ef2
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: application/json
                                            hpgrequestid: 6246fe56-ba23-40c6-8c58-2d9e07852f00
                                            Content-type: application/json; charset=UTF-8
                                            Origin: https://login.microsoftonline.com
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnn [TRUNCATED]
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEmuY0-5vC_w9NR26clYF285o0trVd9MZRivWolmxHNEgRkpMQruYc3ltzKbQTQOVpyoAXPXCp-L7LMNPgosY0cYfTTAd_83wAot20S-PvfQ4gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFukXBz3aL2OxwaoHK9Chwu5eYJjZvNFHET7QU5RRhihgDXsrASeWhIuYM6IvVcqiwyQtQ7MTt0vs5J_g4CiwZpwlZEO5BEQfXhoaIn-acwd2TcJY7SlIf2jR5nHFnEM0S1RD3Qp3oyfIdgtN_4V6dYPnqn3xO-b1CG5QKH3vdpsgAA; esctx-2F38yk4vijY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE0msXXB5pQEyiomrTegvgRcZiCJUR1BMJBrXM5CTZDSvImy3KOsr6CIFRbX9Wx3wW6uLduUTvbPDdttPaK9PjF1ODOLWubSIv3afiyUmTpKogLU2VCmbpBm2depGCM3uHqHFfNF0BwmQWIo7zekKX_CAA; fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
                                            2025-04-02 11:35:50 UTC67OUTData Raw: 7b 22 72 65 73 75 6c 74 43 6f 64 65 22 3a 32 2c 22 73 73 6f 44 65 6c 61 79 22 3a 30 2c 22 6c 6f 67 22 3a 22 50 72 6f 62 65 20 69 6d 61 67 65 20 65 72 72 6f 72 20 65 76 65 6e 74 20 66 69 72 65 64 22 7d
                                            Data Ascii: {"resultCode":2,"ssoDelay":0,"log":"Probe image error event fired"}
                                            2025-04-02 11:35:50 UTC1777INHTTP/1.1 200 OK
                                            Cache-Control: no-store, no-cache
                                            Pragma: no-cache
                                            Content-Type: application/json; charset=utf-8
                                            Expires: -1
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            X-Content-Type-Options: nosniff
                                            Access-Control-Allow-Origin: https://autologon.microsoftazuread-sso.com/
                                            Access-Control-Allow-Credentials: true
                                            Access-Control-Allow-Methods: POST, OPTIONS
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            client-request-id: 7eb4dd40-68f7-4f13-9148-1bf893d40ef2
                                            x-ms-request-id: 07314099-e52c-4574-b735-20dcec953800
                                            x-ms-ests-server: 2.1.20393.4 - FRC ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            x-ms-srs: 1.P
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-2p09U9QzmJVP5y6CYS0fRg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            Set-Cookie: fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAA; expires=Fri, 02-May-2025 11:35:50 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Date: Wed, 02 Apr 2025 11:35:49 GMT
                                            Connection: close
                                            Content-Length: 265
                                            2025-04-02 11:35:50 UTC265INData Raw: 7b 22 61 70 69 43 61 6e 61 72 79 22 3a 22 50 41 51 41 42 44 67 45 41 41 41 42 56 72 53 70 65 75 57 61 6d 52 61 6d 32 6a 41 46 31 58 52 51 45 47 59 6c 56 41 46 49 79 64 68 34 54 4d 75 48 7a 53 2d 67 35 41 37 34 2d 59 58 66 6b 77 48 6a 42 44 2d 56 72 49 55 44 72 6d 54 30 67 6c 73 5a 56 78 38 55 73 61 38 67 78 61 46 55 79 41 69 67 6e 6d 54 66 4a 38 45 57 4f 78 53 69 30 52 68 68 68 64 47 72 43 4b 58 72 33 49 76 79 67 7a 71 6a 46 43 31 48 6e 55 41 73 4f 59 41 58 67 68 5f 41 79 6a 49 74 65 50 56 72 7a 49 47 42 47 2d 53 41 41 31 67 54 62 4a 73 33 6d 74 6f 35 58 35 67 54 43 45 4e 45 39 6d 59 58 63 33 62 50 7a 37 4c 50 6f 71 32 53 42 56 4e 45 5a 48 55 65 6e 32 64 32 63 67 66 5a 6b 70 4f 56 79 4a 6e 2d 47 54 32 55 67 76 69 38 61 4b 2d 79 38 61 4c 4d 73 46 38 76 65
                                            Data Ascii: {"apiCanary":"PAQABDgEAAABVrSpeuWamRam2jAF1XRQEGYlVAFIydh4TMuHzS-g5A74-YXfkwHjBD-VrIUDrmT0glsZVx8Usa8gxaFUyAignmTfJ8EWOxSi0RhhhdGrCKXr3IvygzqjFC1HnUAsOYAXgh_AyjItePVrzIGBG-SAA1gTbJs3mto5X5gTCENE9mYXc3bPz7LPoq2SBVNEZHUen2d2cgfZkpOVyJn-GT2Ugvi8aK-y8aLMsF8ve


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            10192.168.2.64973523.209.72.94431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:50 UTC494OUTGET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/bannerlogo?ts=636403066229197274 HTTP/1.1
                                            Host: aadcdn.msauthimages.net
                                            Connection: keep-alive
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: */*
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Sec-Fetch-Storage-Access: active
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:50 UTC712INHTTP/1.1 200 OK
                                            Content-Length: 2720
                                            Content-Type: image/png
                                            Content-MD5: uBCiiyn2igygd9MdCBK3bQ==
                                            Last-Modified: Wed, 06 Sep 2017 14:57:03 GMT
                                            ETag: 0x8D4F53788B483DE
                                            x-ms-request-id: 492c764f-601e-0014-5eb8-68ef56000000
                                            x-ms-version: 2009-09-19
                                            x-ms-lease-status: unlocked
                                            x-ms-blob-type: BlockBlob
                                            Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                            Access-Control-Allow-Origin: *
                                            Cache-Control: public, max-age=70062
                                            Date: Wed, 02 Apr 2025 11:35:50 GMT
                                            Connection: close
                                            X-Content-Type-Options: nosniff
                                            Akamai-GRN: 0.8904d217.1743593750.2df63d3
                                            2025-04-02 11:35:50 UTC2720INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 19 00 00 00 3c 08 06 00 00 00 52 06 ce 26 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a 52 49 44 41 54 78 da ed 5d 41 a8 1c 59 15 3d 57 83 b8 10 7e 8b cc 42 37 bf 46 64 dc e8 a4 dc e8 42 86 5f 83 b8 50 94 74 b2 13 17 29 57 26 e2 a2 67 25 22 92 0a 82 2b 61 1a 14 06 57 d3 d9 e8 42 30 15 9d c5 ac 26 15 9c 11 45 c1 0e 4a 44 11 ac 16 71 21 38 f6 d7 9d 0b 9f 8b 3e 2f 73 ff b3 aa ab ff ef ee 9f 44 cf 81 a6 7f f5 7b f5 ea be fb ee 3b ef bd 73 2b c4 42 08 10 04 41 d8 17 de 26 17 08 82 20 92 11 04 41 24 23 08 82 20 92 11 04 41 24 23 08 82 48 46 10 04 41 24 23 08 82 48 46 10 04 91 8c 20 08 82 48 46 10 04 91 8c 20 08 22 19 41 10 04 91 8c 20 08 22 19 41 10 04 91 8c 20 08 22 19 41 10 44
                                            Data Ascii: PNGIHDR<R&pHYs~RIDATx]AY=W~B7FdB_Pt)W&g%"+aWB0&EJDq!8>/sD{;s+BA& A$# A$#HFA$#HF HF "A "A "AD


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            11192.168.2.64973423.209.72.94431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:50 UTC496OUTGET /c1c6b6c8-kfpbhsrpqaiv6ikolpfs7a7vyr0gta6la597txj31zu/logintenantbranding/0/illustration?ts=636403066292715638 HTTP/1.1
                                            Host: aadcdn.msauthimages.net
                                            Connection: keep-alive
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: */*
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Sec-Fetch-Storage-Access: active
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:50 UTC715INHTTP/1.1 200 OK
                                            Content-Length: 236176
                                            Content-Type: image/jpeg
                                            Content-MD5: Go8wBlAXNasx1y0vgkhXKg==
                                            Last-Modified: Wed, 06 Sep 2017 14:57:09 GMT
                                            ETag: 0x8D4F5378C9D63D7
                                            x-ms-request-id: 47e18ced-f01e-005e-3db8-68df31000000
                                            x-ms-version: 2009-09-19
                                            x-ms-lease-status: unlocked
                                            x-ms-blob-type: BlockBlob
                                            Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                            Access-Control-Allow-Origin: *
                                            Cache-Control: public, max-age=70229
                                            Date: Wed, 02 Apr 2025 11:35:50 GMT
                                            Connection: close
                                            X-Content-Type-Options: nosniff
                                            Akamai-GRN: 0.8904d217.1743593750.2df63d5
                                            2025-04-02 11:35:50 UTC15669INData Raw: ff d8 ff e1 09 50 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e
                                            Data Ascii: Phttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syn
                                            2025-04-02 11:35:50 UTC16384INData Raw: 5d 64 c0 25 03 86 54 09 72 51 4c 72 51 54 74 a8 5d aa 20 10 42 95 cb 80 41 01 12 e8 52 02 20 82 95 01 4a 28 c5 d1 a1 08 c2 94 10 52 10 82 8a 50 1c a8 2a 25 44 a8 04 a5 b9 30 a1 89 55 0b ca 9a c6 2e 0c 4e 60 85 2d 58 26 c0 b2 78 75 92 75 29 ed 6d 97 3a e9 00 41 2a 1d 02 c9 b3 09 2e 32 91 69 6e 29 64 23 37 50 b4 e7 50 04 28 21 12 82 11 12 14 ea a3 45 28 a8 d1 75 8a 55 47 c1 5c c7 83 a6 c5 74 9b 3d b6 47 aa 53 09 29 ed 12 b3 5b 80 84 8c 47 a2 7f a8 ff 00 25 69 e2 15 6c 47 a2 7f aa ff 00 24 57 98 fa 1f 3b 51 d5 aa 1c b4 da 47 17 76 27 d7 a6 71 38 ae 65 e7 a0 1b 98 81 b7 b3 e7 82 87 97 62 eb 73 23 a2 c6 dc ef 89 d9 da 7d 81 35 b7 c7 1e d6 3b cc 2a 9b 15 5b 63 69 7e 7f d2 52 f9 45 b9 8b 84 c0 cc db 9d 82 02 66 20 86 62 e9 b8 98 00 3c 93 b0 08 2a 96 3a ab 6b 30
                                            Data Ascii: ]d%TrQLrQTt] BAR J(RP*%D0U.N`-X&xuu)m:A*.2in)d#7PP(!E(uUG\t=GS)[G%ilG$W;QGv'q8ebs#}5;*[ci~REf b<*:k0
                                            2025-04-02 11:35:50 UTC2571INData Raw: 9b c1 de 65 62 62 3d 3b bb bd a3 cb d9 bc 15 6a 42 da d8 9e c9 bf 0f 2f 77 da 90 40 5b 5c 99 e8 48 fc 47 c8 7c ec 1b 80 59 2d 19 47 68 d9 b6 df 0e e2 01 07 43 95 6b 72 67 a3 23 f1 1d 34 d0 69 bf 8d 92 25 75 3e b9 4f 09 0c eb 9e e4 f1 65 15 5b 1b 1c cb b8 b3 f5 04 ea bd 66 7c ec 49 c6 fa 17 0f 53 f5 b5 3a a6 ac f9 d8 ac e9 29 a8 5d a1 44 14 3b 42 a0 65 5e a1 e0 17 9f c4 7a 47 f7 58 fe f6 1f 9a c7 ec c3 a4 af 43 53 d1 f7 05 e7 f1 02 2b 38 de c6 d1 a9 27 76 d2 7b 04 18 d5 c4 59 55 80 75 9f 1b 64 74 b6 f1 fb c3 86 6c e7 ec bb 2d 95 ce 49 11 55 de ab bc c7 74 9d dd 61 f6 89 55 74 b0 b8 fc 37 10 75 d2 04 0f b7 60 07 da 6b f6 5b e4 bb 56 3d 8d 20 76 80 46 9b db da 20 6e 68 42 ac f2 a7 a1 3c 0a c2 a6 09 ed 96 cf 65 bc c7 e2 bb 06 d6 ad fe 52 f4 47 81 58 94 9a e7
                                            Data Ascii: ebb=;jB/w@[\HG|Y-GhCkrg#4i%u>Oe[f|IS:)]D;Be^zGXCS+8'v{YUudtl-IUtaUt7u`k[V= vF nhB<eRGX
                                            2025-04-02 11:35:50 UTC16384INData Raw: ba de a0 ed 6f f4 aa 78 cb 54 c3 fa c1 6d 96 be 0c 74 cf 05 9f 8c 6e 6c 5d 31 db 53 c8 ad 1c 29 e9 77 2c 8e 56 7b 85 42 dd 1a 66 77 d8 a6 5d 98 f2 bd 85 ab 48 56 6b 1a ec ce 33 d5 b8 10 36 9f 72 c9 e5 3b 56 9d a6 57 72 4b e7 16 ce 0f fd 2a d5 7c 23 f1 55 e1 a3 a2 26 5c 74 17 58 bc b7 38 66 60 c1 e7 41 2b 74 e0 59 53 2d 6a c7 a2 05 9b a0 ef 3e e5 35 69 50 c2 52 34 99 d7 74 76 b8 df 6e e1 e0 16 66 39 f5 9e fa 6c 2f 86 b8 81 6d 83 b3 e3 aa 0d 1a 9c a0 05 46 d0 a0 24 66 6b 49 68 90 01 3e 03 bf b9 57 e5 f6 82 c0 7b 07 99 4e c2 d1 6d 2c ac 60 80 08 ed da 87 97 87 d5 f8 7b d5 d3 3b 4b 34 0a ed 7b 61 db c0 79 2a 94 fa a3 80 56 eb ff 00 0e de ef 25 bc ba 66 76 c6 c0 7a 33 eb 15 68 fd 9d f9 bd ca 9e 08 c5 32 36 e6 2a cc 10 1a e2 0c 17 01 ec 4f 4b ec ba e0 1c 5b 01
                                            Data Ascii: oxTmtnl]1S)w,V{Bfw]HVk36r;VWrK*|#U&\tX8f`A+tYS-j>5iPR4tvnf9l/mF$fkIh>W{Nm,`{;K4{ay*V%fvz3h26*OK[
                                            2025-04-02 11:35:50 UTC12120INData Raw: 2b 86 b5 e2 47 4b 8e c5 e7 1a 6a f2 45 69 6c 16 11 17 d1 c2 66 3b 3d c7 8a 6c d7 0f 59 54 cc 70 1e 49 54 c4 55 6f 7a 1a 15 99 88 a5 ce d3 3d 13 b3 6b 7b 0f cd c2 3a 7e 91 bd fe 4a a2 cd 4d 56 7e 24 65 70 70 e1 e1 75 a3 51 55 ae dc cd 3d 97 5b 9d 31 7b 4e 21 b0 e6 76 b0 0f 04 75 3f 86 3e aa 5b c9 75 1a 4f db 71 f3 e0 99 53 f8 63 ea fb d6 2b 6a 98 1a 40 39 ee d6 d3 07 49 8d 78 fb 93 5d b5 76 0a e1 fe af b9 73 b4 4a 81 e5 6a 62 a6 19 ad 3b c7 91 58 94 30 d9 dd 95 c2 06 77 4c 76 05 e8 31 c2 68 b7 b0 8f 24 aa 43 ea 9d da e5 67 47 b1 60 c4 3c 0d 04 1b 20 c1 e3 33 e2 2b 61 9e 7a 4c 7b cb 3b 5b 3e ef 2e 09 d8 61 15 3b 8a c2 c5 b8 8c 4d 4a 94 8c 54 65 47 c1 ed 07 de b0 d3 d4 6c 54 f1 4c 75 3f f3 34 84 be 9f 5d a3 fe e5 3f b4 de d2 35 6f ee 53 70 75 c6 22 8b 6a 83
                                            Data Ascii: +GKjEilf;=lYTpITUoz=k{:~JMV~$eppuQU=[1{N!vu?>[uOqSc+j@9Ix]vsJjb;X0wLv1h$CgG`< 3+azL{;[>.a;MJTeGlTLu?4]?5oSpu"j
                                            2025-04-02 11:35:50 UTC16384INData Raw: 8e a6 04 8e c3 b7 e7 6a ba f6 07 b6 e0 10 41 99 59 6f a6 ec fc db 7d 2b 65 f4 1c 7e d3 66 f4 ce f8 f2 2d 3b 0a e9 86 5a 63 29 b5 cd 50 14 4d 21 c0 39 a6 41 12 0e f0 54 39 7a 5c 3a 0a 12 a5 42 20 14 29 21 42 0e d1 72 95 08 22 54 28 2b 90 4c ae 94 2b a5 01 4a e9 42 b9 07 4a e5 cb 90 74 a9 42 a5 07 12 8a 50 ae 40 72 ba 50 a9 40 4a 65 42 ed 50 48 32 8e 50 01 08 82 8a 30 53 98 92 d1 2a cb 1b 08 0f 2a 90 0a 21 70 b8 ac a9 65 74 a1 72 85 43 0a eb a1 06 17 4a 02 5d 08 73 2e 2e 94 04 0c 28 26 50 4a 99 40 c6 14 79 a1 27 34 28 2e 50 34 b9 0e 64 b9 51 28 19 99 46 64 b9 5d 2a 86 4c a2 4a 95 32 81 b2 a0 ba 10 02 a0 95 34 a9 25 74 a0 5c 2e a8 68 ba 6b 42 4b 53 8c b4 28 18 4c 2a ee 2a 1c f2 82 50 49 2b a5 04 ae 95 50 72 ba 50 4a e4 07 2b 90 ae 40 48 4a 89 5d 28 89 50 b9
                                            Data Ascii: jAYo}+e~f-;Zc)PM!9AT9z\:B )!Br"T(+L+JBJtBP@rP@JeBPH2P0S**!petrCJ]s..(&PJ@y'4(.P4dQ(Fd]*LJ24%t\.hkBKS(L**PI+PrPJ+@HJ](P
                                            2025-04-02 11:35:50 UTC16384INData Raw: 54 66 48 35 0a 1c eb 5a 4d ac e6 53 99 55 ce 88 54 29 a3 6b 39 97 66 55 f3 92 a7 32 9a 36 b0 1c 8e 52 1a 51 ca ce 9a 95 e6 03 03 9f 87 24 5f 30 56 31 c3 eb 29 7a cc f3 4a d2 a5 0f 58 27 e3 87 d6 52 f5 99 e6 82 39 4c 7d 40 ef f3 56 b1 22 29 3b 81 f2 49 e5 16 17 d2 0d 6e a6 75 30 35 45 5b 13 4e ad 37 f3 44 3b 28 be b0 82 79 3c 46 14 1f c2 ef d4 a3 93 9e d6 54 2c 2e 19 de f7 10 d1 73 11 b7 77 9a a9 c9 98 87 bc ba 94 c3 05 37 10 d0 34 39 9b df b7 69 28 79 3a d8 e0 06 99 9f e4 54 6b 48 c6 d7 7d 2a a7 29 03 6c 80 03 b5 df af 84 27 63 cc d0 11 bf de a2 b6 06 ae 2e bf 40 74 74 cc 6c 35 f6 f7 2b b9 30 fc d7 f9 82 20 13 a9 8d 38 5d 02 39 2d a4 e1 1e 00 92 5f a0 d7 46 a7 60 39 2c d1 78 ac f3 d2 17 ca 36 13 da 9c ca b3 87 73 a8 37 9b 00 80 dc cd 89 ed 84 ac 06 7a c6
                                            Data Ascii: TfH5ZMSUT)k9fU26RQ$_0V1)zJX'R9L}@V");Inu05E[N7D;(y<FT,.sw749i(y:TkH}*)l'c.@ttl5+0 8]9-_F`9,x6s7z
                                            2025-04-02 11:35:50 UTC7952INData Raw: 1d 40 e1 5e a9 04 e8 c8 dc 25 be f8 51 52 ce 93 2a 0d 99 1e ab b6 83 69 52 68 68 89 00 fb 15 aa 2d b3 c4 eb 4d c8 2a 08 60 6e e1 ee 54 66 f2 bd 27 3f 11 47 2c f5 0e 86 24 ca b2 c0 ec 0e 08 9a 42 4b 5c 2d 3a ce b1 bb b1 5b c5 50 6b de c7 9d 5a c1 1d f2 aa 63 da 4e 06 a6 53 04 39 ba 6c b8 41 73 07 5d 95 da 1e c3 2d 3b 54 b6 8e 4a d9 c1 b1 cd e2 56 7f 24 d0 34 79 c7 cd cb 5c e8 3a 5b 6f 1f 72 bb 81 c5 b7 14 d0 ed 08 30 e1 f7 5d 1a 7c ea 14 54 d0 1f e6 c9 fc 4f 43 85 e8 f3 a7 f0 9f 35 6a 9d 20 da a2 a6 a6 6f de ab d1 68 02 a7 6b 5d e6 83 2b 17 4c d5 a1 94 7f e4 a7 fd 4a f0 ac d0 69 b0 9b b8 54 02 4e e2 2d f3 bb b5 04 06 d1 7f 16 7f 52 0a cc f4 2f 8b 0e 73 da 5a 82 dd 5b d4 27 79 72 9f b1 4b 8f f5 28 ad e9 1d c4 a2 fb 14 fd 6f ea 40 ac d1 4c ef 2e f8 2c 8e 5c
                                            Data Ascii: @^%QR*iRhh-M*`nTf'?G,$BK\-:[PkZcNS9lAs]-;TJV$4y\:[or0]|TOC5j ohk]+LJiTN-R/sZ['yrK(o@L.,\
                                            2025-04-02 11:35:50 UTC16384INData Raw: fc 7d c8 2a d8 fe 66 29 6c 73 8f e3 ee 4b ac 40 3d ec 51 57 29 75 87 7a a0 1a d1 5c bd e4 35 81 b9 64 90 2f 33 17 57 a8 c6 61 75 83 8e 73 5b 58 9d b0 a4 1a b5 dc da 98 49 04 65 24 dc 5c 6d 54 db 88 c3 b1 ad a2 d0 e7 18 ca 09 80 2f ed 46 d7 4f 26 07 4f df f3 72 c7 a5 7a 8c be d0 8b a6 b6 3a bb a8 bd ae 66 51 23 52 d0 48 e1 29 fc 93 88 75 76 d5 2f 71 74 06 ea 77 e6 54 b9 50 66 73 44 ec f7 05 6f 91 e8 d4 a4 ca b9 c1 12 1b 12 3d 64 b0 8c 8a f0 d7 b8 0b 1c c5 6a d2 13 c9 ec 9f c7 e6 e4 9f f0 ea b5 5e 5c 04 49 3a db f7 5a 74 f0 47 e8 ed a0 48 04 66 b8 be a4 fc 52 8f 2f cc 93 bf 45 af 8b 64 e1 e2 62 5d f0 56 c6 1b 07 48 e5 aa f1 3f 89 e1 a8 99 88 a3 87 61 75 52 00 cc 60 c1 3a 20 c9 c2 e0 5e 6a b1 cd 04 80 e6 93 02 d6 2b 63 1f 85 75 78 0d 12 2d b9 70 e5 36 3d c1
                                            Data Ascii: }*f)lsK@=QW)uz\5d/3Waus[XIe$\mT/FO&Orz:fQ#RH)uv/qtwTPfsDo=dj^\I:ZtGHfR/Edb]VH?auR`: ^j+cux-p6=
                                            2025-04-02 11:35:50 UTC8048INData Raw: 34 cc 45 e5 66 d5 d2 c6 0a b8 a1 52 a8 74 dd c0 5b bd 68 d5 a8 1f 44 41 da 7d e9 14 70 f4 99 a3 47 7d fc d5 81 61 10 a4 5a cc c3 55 7d 1a 4d 80 60 17 12 03 49 3a a6 62 83 aa d0 76 50 4b 89 26 00 bd e1 69 5f 39 20 44 85 02 b0 60 32 40 e2 40 41 97 86 0e 6b 98 e3 4d fd 17 12 6d bf e0 ad 72 93 4e 21 a5 8c b9 b6 c3 b0 ca 63 f1 74 da d3 f5 8c 9f 5c 24 bb 1b 87 69 f4 80 eb a4 95 4d 07 0b 4a ab 32 b9 c2 40 74 f6 ea 9d 8e a2 ec 53 4b 59 69 03 5f d9 07 f8 96 19 ad 8c c4 f0 61 41 fe 2d 87 07 47 1e e1 f1 40 da c1 d4 46 77 09 1d 9d aa b6 22 b6 66 ba 99 16 92 26 7b 50 62 79 5a 9d 51 01 a4 77 85 49 f8 d6 ba 60 6a 67 55 3a 55 ca 27 9b 66 50 0d 8d ba 5a 71 df ee 56 4e 24 be 93 58 47 54 44 ce ab 23 e9 c4 68 3c d4 1c 73 f6 01 e1 fb ab d2 76 6f d0 5a e1 0e 75 e5 5f c1 b9 b8
                                            Data Ascii: 4EfRt[hDA}pG}aZU}M`I:bvPK&i_9 D`2@@AkMmrN!ct\$iMJ2@tSKYi_aA-G@Fw"f&{PbyZQwI`jgU:U'fPZqVN$XGTD#h<svoZu_


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            12192.168.2.64973623.209.72.94431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:50 UTC740OUTGET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1
                                            Host: aadcdn.msauthimages.net
                                            Connection: keep-alive
                                            sec-ch-ua-platform: "Windows"
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: image
                                            Sec-Fetch-Storage-Access: active
                                            Referer: https://login.microsoftonline.com/
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:50 UTC710INHTTP/1.1 200 OK
                                            Content-Length: 2889
                                            Content-Type: image/*
                                            Content-MD5: Qjs3EBxwwYY/jZl9ZGzF7w==
                                            Last-Modified: Thu, 27 Jul 2023 13:41:16 GMT
                                            ETag: 0x8DB8EA726C19FEF
                                            x-ms-request-id: 9ccdcf94-d01e-0060-66fc-676910000000
                                            x-ms-version: 2009-09-19
                                            x-ms-lease-status: unlocked
                                            x-ms-blob-type: BlockBlob
                                            Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                            Access-Control-Allow-Origin: *
                                            Cache-Control: public, max-age=83659
                                            Date: Wed, 02 Apr 2025 11:35:50 GMT
                                            Connection: close
                                            X-Content-Type-Options: nosniff
                                            Akamai-GRN: 0.8904d217.1743593750.2df6443
                                            2025-04-02 11:35:50 UTC2889INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 18 00 00 00 3c 08 06 00 00 00 bd c4 a5 18 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a fb 49 44 41 54 78 9c ed 9d 3d 6f 63 c7 15 86 87 ab d8 f0 da 06 28 03 46 dc c4 58 19 10 b0 c1 6d 48 57 29 52 2c f7 b6 2e 4c 35 42 ba a5 7e 41 b8 3f e0 42 5c 10 69 13 aa 49 15 c0 54 e7 a8 21 dd 04 09 82 d0 24 90 da 2b 36 44 82 10 b1 54 c5 71 9c 44 44 04 ac 15 87 62 30 dc 77 b4 23 f2 de f9 ba 9f 92 ce 03 10 ab 15 2f c9 c3 11 e7 e5 99 73 ce 9c 29 2d 16 0b 46 10 04 91 06 f7 68 54 09 82 48 0b 12 18 82 20 52 e3 7b 69 0f ad e7 07 55 c6 d8 16 63 ac 8a 5f d5 56 2e 39 66 8c 9d 31 c6 4e f8 6d 32 68 0f f3 fc 73 cf 76 b7 37 61 ab b0 73 0b 37 19 61 e3 d2 e6 f2 d1 34 37 9b 3d 3f 10 f6 a9 ec 15 63 7c 86
                                            Data Ascii: PNGIHDR<pHYs~IDATx=oc(FXmHW)R,.L5B~A?B\iIT!$+6DTqDDb0w#/s)-FhTH R{iUc_V.9f1Nm2hsv7as7a47=?c|


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            13192.168.2.64973923.209.72.94431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:51 UTC494OUTGET /c1c6b6c8-p0ecqkormrlmmajgzx9e3jyt1y-ehy5oslrpngftngy/logintenantbranding/0/bannerlogo?ts=638260620761652122 HTTP/1.1
                                            Host: aadcdn.msauthimages.net
                                            Connection: keep-alive
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: */*
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Sec-Fetch-Storage-Access: active
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:35:51 UTC710INHTTP/1.1 200 OK
                                            Content-Length: 2889
                                            Content-Type: image/*
                                            Content-MD5: Qjs3EBxwwYY/jZl9ZGzF7w==
                                            Last-Modified: Thu, 27 Jul 2023 13:41:16 GMT
                                            ETag: 0x8DB8EA726C19FEF
                                            x-ms-request-id: 9ccdcf94-d01e-0060-66fc-676910000000
                                            x-ms-version: 2009-09-19
                                            x-ms-lease-status: unlocked
                                            x-ms-blob-type: BlockBlob
                                            Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                            Access-Control-Allow-Origin: *
                                            Cache-Control: public, max-age=83658
                                            Date: Wed, 02 Apr 2025 11:35:51 GMT
                                            Connection: close
                                            X-Content-Type-Options: nosniff
                                            Akamai-GRN: 0.8904d217.1743593751.2df6536
                                            2025-04-02 11:35:51 UTC2889INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 18 00 00 00 3c 08 06 00 00 00 bd c4 a5 18 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 0a fb 49 44 41 54 78 9c ed 9d 3d 6f 63 c7 15 86 87 ab d8 f0 da 06 28 03 46 dc c4 58 19 10 b0 c1 6d 48 57 29 52 2c f7 b6 2e 4c 35 42 ba a5 7e 41 b8 3f e0 42 5c 10 69 13 aa 49 15 c0 54 e7 a8 21 dd 04 09 82 d0 24 90 da 2b 36 44 82 10 b1 54 c5 71 9c 44 44 04 ac 15 87 62 30 dc 77 b4 23 f2 de f9 ba 9f 92 ce 03 10 ab 15 2f c9 c3 11 e7 e5 99 73 ce 9c 29 2d 16 0b 46 10 04 91 06 f7 68 54 09 82 48 0b 12 18 82 20 52 e3 7b 69 0f ad e7 07 55 c6 d8 16 63 ac 8a 5f d5 56 2e 39 66 8c 9d 31 c6 4e f8 6d 32 68 0f f3 fc 73 cf 76 b7 37 61 ab b0 73 0b 37 19 61 e3 d2 e6 f2 d1 34 37 9b 3d 3f 10 f6 a9 ec 15 63 7c 86
                                            Data Ascii: PNGIHDR<pHYs~IDATx=oc(FXmHW)R,.L5B~A?B\iIT!$+6DTqDDb0w#/s)-FhTH R{iUc_V.9f1Nm2hsv7as7a47=?c|


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            14192.168.2.64973820.190.144.1374431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:35:51 UTC1559OUTGET /common/instrumentation/dssostatus HTTP/1.1
                                            Host: login.microsoftonline.com
                                            Connection: keep-alive
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: */*
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Sec-Fetch-Storage-Access: active
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEmuY0-5vC_w9NR26clYF285o0trVd9MZRivWolmxHNEgRkpMQruYc3ltzKbQTQOVpyoAXPXCp-L7LMNPgosY0cYfTTAd_83wAot20S-PvfQ4gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFukXBz3aL2OxwaoHK9Chwu5eYJjZvNFHET7QU5RRhihgDXsrASeWhIuYM6IvVcqiwyQtQ7MTt0vs5J_g4CiwZpwlZEO5BEQfXhoaIn-acwd2TcJY7SlIf2jR5nHFnEM0S1RD3Qp3oyfIdgtN_4V6dYPnqn3xO-b1CG5QKH3vdpsgAA; esctx-2F38yk4vijY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE0msXXB5pQEyiomrTegvgRcZiCJUR1BMJBrXM5CTZDSvImy3KOsr6CIFRbX9Wx3wW6uLduUTvbPDdttPaK9PjF1ODOLWubSIv3afiyUmTpKogLU2VCmbpBm2depGCM3uHqHFfNF0BwmQWIo7zekKX_CAA; fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
                                            2025-04-02 11:35:52 UTC1720INHTTP/1.1 200 OK
                                            Cache-Control: no-store, no-cache
                                            Pragma: no-cache
                                            Content-Type: application/json; charset=utf-8
                                            Expires: -1
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            X-Content-Type-Options: nosniff
                                            Access-Control-Allow-Origin: https://autologon.microsoftazuread-sso.com/
                                            Access-Control-Allow-Credentials: true
                                            Access-Control-Allow-Methods: POST, OPTIONS
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            x-ms-request-id: b2bccc8a-f8a5-4cd3-923c-60f1dd983a00
                                            x-ms-ests-server: 2.1.20393.4 - FRC ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+krc"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            x-ms-srs: 1.P
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-yGnquzYxQWFCfslUHaQXtA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            Set-Cookie: fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAA; expires=Fri, 02-May-2025 11:35:52 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Date: Wed, 02 Apr 2025 11:35:52 GMT
                                            Connection: close
                                            Content-Length: 164
                                            2025-04-02 11:35:52 UTC164INData Raw: 7b 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 36 31 30 30 2c 22 73 74 73 45 72 72 6f 72 22 3a 22 41 41 44 53 54 53 39 30 30 35 36 31 22 2c 22 63 6f 72 72 65 6c 61 74 69 6f 6e 49 64 22 3a 22 33 63 64 38 31 36 32 30 2d 63 39 65 31 2d 34 61 64 32 2d 39 37 62 31 2d 31 63 31 64 37 34 66 34 36 30 30 36 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 35 2d 30 34 2d 30 32 20 31 31 3a 33 35 3a 35 32 5a 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 41 41 44 53 54 53 39 30 30 35 36 31 22 7d 7d
                                            Data Ascii: {"error":{"code":6100,"stsError":"AADSTS900561","correlationId":"3cd81620-c9e1-4ad2-97b1-1c1d74f46006","timestamp":"2025-04-02 11:35:52Z","message":"AADSTS900561"}}


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            15192.168.2.64974340.126.29.84431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:36:04 UTC3540OUTPOST /99d20d2d-8923-45d8-b9ad-5038c97582e3/login HTTP/1.1
                                            Host: login.microsoftonline.com
                                            Connection: keep-alive
                                            Content-Length: 2712
                                            Cache-Control: max-age=0
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Origin: https://login.microsoftonline.com
                                            Content-Type: application/x-www-form-urlencoded
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/oauth2/authorize?client_id=4660504c-45b3-4674-a709-71951a6b0763&redirect_uri=https%3A%2F%2Finvitations.microsoft.com&response_type=id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DWmEn4Xg5_cdsyNcY-T3-ScEJLLB6iSTYtlCSQ4O2uXdjTlBMMpAhHAj1O9VfFqBuXscTipOA1JEED6kEOlKBod492UHENDdZ-9s6aYjI8_h3joryCd7bMu7O7wmpSh6oj254tXwVBlFnJFmkOK_2nWQ6Al62wztUuWgxoQaPM78HC7s6iNpJOpJdwse6eTMRgXqSRhiXJtDWaeItoX_hfrkLwZSrKQVLufQnbooZjoD27YvHfkUeAct52Pp3H_e7CH8BlIuVExtUPeCBiKURlVJJkpFCplXDXqBgxajjl0rc7ZLpjI7CcuW63SedK9gy9a1zIoPrQgM4JL9-fhNPWGDFcEQWLHVL7uy2-zzuUOBZqS_mrfHS9kNOVOarjXmtBPq_tbmTLPYTDSr0j1Vk2RO8GuFu0nZ_5fh-xWcLUVxn0KneiNGmH9VLsG1fIR-HuPWw8tVMysB1yEYVgOWrrpIm10gefC4ffCS1kSQvM5nPBoETzhtwSkZq3O00IMw6KMEiTOScmEKqo0tBS3ly7b2I6xb7Eru7xnwrMlb7YjArWrqqco1usJs3FNz5mLmjhhvCoeBpIfsjqJf_7Az5fA8QjYPji32SN651bgQE1PCPM8luzEVlYLZIKB_gStd9xxttwQRoQfsRtveZILol1lWBqTVGFnwcUSB7SXoS80VAkB2YPPXZHuG_PqA_OwY9z-QY233ZmzH_xxBgS4R9QiF7y2iNnn [TRUNCATED]
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEmuY0-5vC_w9NR26clYF285o0trVd9MZRivWolmxHNEgRkpMQruYc3ltzKbQTQOVpyoAXPXCp-L7LMNPgosY0cYfTTAd_83wAot20S-PvfQ4gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEFukXBz3aL2OxwaoHK9Chwu5eYJjZvNFHET7QU5RRhihgDXsrASeWhIuYM6IvVcqiwyQtQ7MTt0vs5J_g4CiwZpwlZEO5BEQfXhoaIn-acwd2TcJY7SlIf2jR5nHFnEM0S1RD3Qp3oyfIdgtN_4V6dYPnqn3xO-b1CG5QKH3vdpsgAA; esctx-2F38yk4vijY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE0msXXB5pQEyiomrTegvgRcZiCJUR1BMJBrXM5CTZDSvImy3KOsr6CIFRbX9Wx3wW6uLduUTvbPDdttPaK9PjF1ODOLWubSIv3afiyUmTpKogLU2VCmbpBm2depGCM3uHqHFfNF0BwmQWIo7zekKX_CAA; fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAA; MicrosoftApplicationsTelemetryDevice [TRUNCATED]
                                            2025-04-02 11:36:04 UTC2712OUTData Raw: 69 31 33 3d 30 26 6c 6f 67 69 6e 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 6c 6f 67 69 6e 66 6d 74 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 74 79 70 65 3d 31 31 26 4c 6f 67 69 6e 4f 70 74 69 6f 6e 73 3d 33 26 6c 72 74 3d 26 6c 72 74 50 61 72 74 69 74 69 6f 6e 3d 26 68 69 73 52 65 67 69 6f 6e 3d 26 68 69 73 53 63 61 6c 65 55 6e 69 74 3d 26 70 61 73 73 77 64 3d 4a 45 62 43 25 32 31 25 35 45 25 33 42 6b 25 32 36 4a 49 33 26 70 73 3d 32 26 70 73 52 4e 47 43 44 65 66 61 75 6c 74 54 79 70 65 3d 26 70 73 52 4e 47 43 45 6e 74 72 6f 70 79 3d 26 70 73 52 4e 47 43 53 4c 4b 3d 26 63 61 6e 61 72 79 3d 70 76 4c 63 48 34 42 68 5a 4b 56 48 4e 55 46 30 6d 25 32 46 6b 54 56 62 44 79
                                            Data Ascii: i13=0&login=richard.parkinson%40ocs.com&loginfmt=richard.parkinson%40ocs.com&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd=JEbC%21%5E%3Bk%26JI3&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=pvLcH4BhZKVHNUF0m%2FkTVbDy
                                            2025-04-02 11:36:05 UTC2986INHTTP/1.1 200 OK
                                            Cache-Control: no-store, no-cache
                                            Pragma: no-cache
                                            Content-Type: text/html; charset=utf-8
                                            Expires: -1
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            X-Content-Type-Options: nosniff
                                            X-Frame-Options: DENY
                                            Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin
                                            Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch
                                            Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
                                            X-DNS-Prefetch-Control: on
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            x-ms-request-id: 5f5a82b4-c38a-4ac5-af05-03dd2a2e0a00
                                            x-ms-ests-server: 2.1.20465.4 - WEULR1 ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            x-ms-srs: 1.P
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-111PuBwj5MnsKRxjWRJlyA' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            Set-Cookie: esctx-2F38yk4vijY=; domain=.login.microsoftonline.com; expires=Tue, 01-Apr-2025 11:36:04 GMT; path=/; SameSite=None
                                            Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEuYfwZz8LFNhq6N-ReKs34VrI8iVLOS2H2p5HXZVKciRF2seaDoPjK8qpIq1tjZSsxuOlboYNP9egDIbki4jwa6Kq9TjcZjFRPVw0omIDoYYgAA; expires=Fri, 02-May-2025 11:36:04 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbmvnzof61mpIQcuUWa8k8Pp7i7mbqhc7bieq2bs4LtjKusrczKxX8TCo0DLFOJX7GP95d7wM8w0S7rpTBgbOcx9piIH7sc4Qqc73mtdsETMUhBV9apj4oQ4obEWsQWxK0Ls-9EO-UV4JwmJIERPfDMte2eIL0gJSJbnlVnhcfYQgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: esctx-zXREiLAcjLA=AQABCQEAAABVrSpeuWamRam2jAF1XRQEF_s5Lx2_SR8Dhl7BlE_cr2slj6nZF71-gMJlZ5T-UXgMeR4Obo9Gg_TjHtDMV34JOe4rd3f9O9Yeu1atxQ_LW9xeYFIHy6NZw061IlFT8Nkxcqm6cxmM0EBdRig33RZDpJoL8BS6Dpf8J1PqxgpMHiAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAALGRsDAEAAAAkGH_fDgAAAA; expires=Fri, 02-May-2025 11:36:04 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Date: Wed, 02 Apr 2025 11:36:05 GMT
                                            Connection: close
                                            Content-Length: 56979
                                            2025-04-02 11:36:05 UTC13398INData Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20
                                            Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                                            2025-04-02 11:36:05 UTC16384INData Raw: 73 73 77 6f 72 64 2f 72 65 73 65 74 3f 77 72 65 70 6c 79 3d 68 74 74 70 73 25 33 61 25 32 66 25 32 66 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 25 32 66 39 39 64 32 30 64 32 64 2d 38 39 32 33 2d 34 35 64 38 2d 62 39 61 64 2d 35 30 33 38 63 39 37 35 38 32 65 33 25 32 66 72 65 70 72 6f 63 65 73 73 25 33 66 63 74 78 25 33 64 72 51 51 49 41 52 41 41 6a 5a 52 50 69 4e 78 30 46 4d 64 6e 64 72 66 62 62 63 56 32 71 79 49 57 44 31 62 74 51 61 7a 5a 7a 66 39 4d 46 68 61 62 7a 47 51 6d 4d 35 4f 5a 4a 4a 4f 5a 4a 44 4f 58 49 58 38 6e 79 53 54 35 5a 66 4a 6e 35 38 2d 68 42 37 47 67 49 75 49 66 52 50 44 67 77 5a 50 30 59 68 45 50 55 68 45 38 65 65 69 70 42 78 45 70 43 6c 55 38 53 45 48 52 58 74 71 54 4f 42 57 39 43 45 55 76 44 78 35 38
                                            Data Ascii: ssword/reset?wreply=https%3a%2f%2flogin.microsoftonline.com%2f99d20d2d-8923-45d8-b9ad-5038c97582e3%2freprocess%3fctx%3drQQIARAAjZRPiNx0FMdndrfbbcV2qyIWD1btQazZzf9MFhabzGQmM5OZJJOZJDOXIX8nyST5ZfJn58-hB7GgIuIfRPDgwZP0YhEPUhE8eeipBxEpClU8SEHRXtqTOBW9CEUvDx58
                                            2025-04-02 11:36:05 UTC16384INData Raw: 69 6f 6e 49 64 65 6e 74 69 66 69 65 72 4e 61 6d 65 22 3a 22 63 6f 64 65 22 2c 22 73 43 74 78 22 3a 22 72 51 51 49 41 52 41 41 6a 5a 51 39 6a 4e 74 30 47 4d 61 54 75 2d 76 64 74 52 4c 74 46 52 43 69 59 69 6e 51 41 56 47 63 38 37 66 6a 6b 30 37 55 54 70 77 34 69 52 50 62 63 57 49 37 57 53 78 5f 78 6e 5a 73 5f 78 31 5f 58 44 34 47 42 69 51 6b 68 42 44 69 59 32 4e 67 59 45 4a 64 51 49 67 42 46 53 45 78 4d 58 54 71 77 46 53 42 56 44 47 68 44 67 69 36 74 42 4d 69 52 62 41 67 56 62 43 38 30 69 73 39 6a 5f 54 6f 30 66 76 2d 4c 68 7a 55 61 33 41 4e 71 63 47 76 37 69 49 31 35 4f 51 61 54 70 49 77 41 65 4d 32 68 42 4d 57 42 75 45 6b 68 55 4d 6d 42 64 4d 51 68 64 41 45 59 70 49 57 54 4a 46 59 39 76 53 46 6f 78 73 5f 66 66 58 47 51 5f 38 5a 38 51 50 2d 68 55 63 66 5f
                                            Data Ascii: ionIdentifierName":"code","sCtx":"rQQIARAAjZQ9jNt0GMaTu-vdtRLtFRCiYinQAVGc87fjk07UTpw4iRPbcWI7WSx_xnZs_x1_XD4GBiQkhBDiY2NgYEJdQIgBFSExMXTqwFSBVDGhDgi6tBMiRbAgVbC80is9j_To0fv-LhzUa3ANqcGv7iI15OQaTpIwAeM2hBMWBuEkhUMmBdMQhdAEYpIWTJFY9vSFoxs_ffXGQ_8Z8QP-hUcf_
                                            2025-04-02 11:36:05 UTC10813INData Raw: 69 6f 6e 20 73 28 65 2c 72 29 7b 76 61 72 20 74 3d 67 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 72 29 3b 72 65 74 75 72 6e 20 74 2e 73 72 63 3d 65 2c 74 7d 66 75 6e 63 74 69 6f 6e 20 64 28 65 2c 72 29 7b 69 66 28 65 26 26 65 2e 6c 65 6e 67 74 68 3e 30 26 26 72 29 7b 66 6f 72 28 76 61 72 20 74 3d 30 3b 74 3c 65 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 7b 69 66 28 2d 31 21 3d 3d 72 2e 69 6e 64 65 78 4f 66 28 65 5b 74 5d 29 29 7b 72 65 74 75 72 6e 21 30 7d 7d 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 72 29 7b 69 66 28 65 28 29 2e 66 54 65 6e 61 6e 74 42 72 61 6e 64 69 6e 67 43 64 6e 41 64 64 45 76 65 6e 74 48 61 6e 64 6c 65 72 73 29 7b 76 61 72 20 74 3d 64 28 45 2c 72 29 3f 45 3a 62 3b 69 66 28 21 28 74 26 26 74 2e 6c 65 6e 67 74 68 3e 31
                                            Data Ascii: ion s(e,r){var t=g.createElement(r);return t.src=e,t}function d(e,r){if(e&&e.length>0&&r){for(var t=0;t<e.length;t++){if(-1!==r.indexOf(e[t])){return!0}}}return!1}function l(r){if(e().fTenantBrandingCdnAddEventHandlers){var t=d(E,r)?E:b;if(!(t&&t.length>1


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            16192.168.2.64974440.126.29.84431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:36:31 UTC2433OUTPOST /99d20d2d-8923-45d8-b9ad-5038c97582e3/login HTTP/1.1
                                            Host: login.microsoftonline.com
                                            Connection: keep-alive
                                            Content-Length: 2823
                                            Cache-Control: max-age=0
                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Origin: https://login.microsoftonline.com
                                            Content-Type: application/x-www-form-urlencoded
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            Referer: https://login.microsoftonline.com/99d20d2d-8923-45d8-b9ad-5038c97582e3/login
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: rrc=1; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-NFbVQTMJT28=AQABCQEAAABVrSpeuWamRam2jAF1XRQE1s8n82GpRt0DwbBKocG6xhvJa5n_8_bB33yUMrIV6WVGH6l9fq2m0wjqGi-7DAwctEeJFPs07U8EpXnzq-Ev7IenIvhHkOYpCEp6HSj-BFVo0ZYziHRPBp3BJNEzrmiJ9o80-Qy4gi8-63GAqMYyMCAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; esctx-2F38yk4vijY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE0msXXB5pQEyiomrTegvgRcZiCJUR1BMJBrXM5CTZDSvImy3KOsr6CIFRbX9Wx3wW6uLduUTvbPDdttPaK9PjF1ODOLWubSIv3afiyUmTpKogLU2VCmbpBm2depGCM3uHqHFfNF0BwmQWIo7zekKX_CAA; MicrosoftApplicationsTelemetryDeviceId=7500d086-9144-4f6e-8e01-40b235b98a31; brcap=0; ai_session=VpJpRNoDsDV4Yd/hl2NEPA|1743593748809|1743593748809; MSFPC=GUID=937fab22e7494b79a7954e360490354e&HASH=937f&LV=202504&V=4&LU=1743593753251; buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEuYfwZz8LFNhq6N-ReKs34VrI8iVLOS2H2p5HXZVKciRF2seaDoPjK8qpIq1tjZSsxuOlboYNP9egDIbki4jwa6Kq9TjcZjFRPVw0omIDoYYgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbmvnzof61mpIQcuUWa8k8Pp7i7m [TRUNCATED]
                                            2025-04-02 11:36:31 UTC2823OUTData Raw: 69 31 33 3d 30 26 6c 6f 67 69 6e 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 6c 6f 67 69 6e 66 6d 74 3d 72 69 63 68 61 72 64 2e 70 61 72 6b 69 6e 73 6f 6e 25 34 30 6f 63 73 2e 63 6f 6d 26 74 79 70 65 3d 31 31 26 4c 6f 67 69 6e 4f 70 74 69 6f 6e 73 3d 33 26 6c 72 74 3d 26 6c 72 74 50 61 72 74 69 74 69 6f 6e 3d 26 68 69 73 52 65 67 69 6f 6e 3d 26 68 69 73 53 63 61 6c 65 55 6e 69 74 3d 26 70 61 73 73 77 64 3d 25 35 44 25 37 44 25 34 30 6b 25 37 44 75 5f 6c 62 25 32 34 25 33 43 25 32 42 30 31 50 26 70 73 3d 32 26 70 73 52 4e 47 43 44 65 66 61 75 6c 74 54 79 70 65 3d 26 70 73 52 4e 47 43 45 6e 74 72 6f 70 79 3d 26 70 73 52 4e 47 43 53 4c 4b 3d 26 63 61 6e 61 72 79 3d 70 76 4c 63 48 34 42 68 5a 4b 56 48 4e 55 46 30 6d
                                            Data Ascii: i13=0&login=richard.parkinson%40ocs.com&loginfmt=richard.parkinson%40ocs.com&type=11&LoginOptions=3&lrt=&lrtPartition=&hisRegion=&hisScaleUnit=&passwd=%5D%7D%40k%7Du_lb%24%3C%2B01P&ps=2&psRNGCDefaultType=&psRNGCEntropy=&psRNGCSLK=&canary=pvLcH4BhZKVHNUF0m
                                            2025-04-02 11:36:32 UTC2812INHTTP/1.1 200 OK
                                            Cache-Control: no-store, no-cache
                                            Pragma: no-cache
                                            Content-Type: text/html; charset=utf-8
                                            Expires: -1
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            X-Content-Type-Options: nosniff
                                            X-Frame-Options: DENY
                                            Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
                                            X-DNS-Prefetch-Control: on
                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                            x-ms-request-id: 176758db-cb67-4942-8585-a3f65ea62c00
                                            x-ms-ests-server: 2.1.20393.4 - NEULR1 ProdSlices
                                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}
                                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                            x-ms-srs: 1.P
                                            Referrer-Policy: strict-origin-when-cross-origin
                                            Content-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-jb5Jg_FZi--r7M-Dbydelw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
                                            X-XSS-Protection: 0
                                            Set-Cookie: esctx-zXREiLAcjLA=; domain=.login.microsoftonline.com; expires=Tue, 01-Apr-2025 11:36:31 GMT; path=/; SameSite=None
                                            Set-Cookie: buid=1.AUcALQ3SmSOJ2EW5rVA4yXWC40xQYEazRXRGpwlxlRprB2MNAQBHAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEgK-bzxq5XdWlJ25CfdrovXMIA1Qi3wnEIjaPsbWNnq7BUCbYW7KPH1qG0lyb7zSMXopIsauB06o7zwF6h3_t4JlgqCV_-_WcQIxoq6yxBNQgAA; expires=Fri, 02-May-2025 11:36:32 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEPoPnhYXwn_GB4g8a6OOB7SSU3R7H3WEJyXO4BSxGED2o25wM_GnoCY63C4eoVl--IgwWGqgXabBiun5XNYrMEOKTJ0bUhYmOctpAH6GXjBXlWQxx7zdvwMBBWORAbKP1NYV4cGi_Qb35hMC1cVIt3YewAi7LMHh2X1P1YO2SRncgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: esctx-v3VIeL3Y4Yk=AQABCQEAAABVrSpeuWamRam2jAF1XRQEREsUDzMUkOnT6XFciFOSAah4v40gWO9-Hs3B23k8R9IDQCnMJGAB9ajSDub97wP8TNl4oPunhkd2Kxp6IlAQ10O61EJS_YjcC8w_XFiPH_lS0YF2P7bo1ZiUQqK7GtSmeV1PAZuroYAXC6ulYs2tcSAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: fpc=Avy6ytys1FBNgMyfsW4Njf6S0IzrAQAAABAYf98OAAAALGRsDAIAAAAkGH_fDgAAAA; expires=Fri, 02-May-2025 11:36:32 GMT; path=/; secure; HttpOnly; SameSite=None
                                            Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
                                            Date: Wed, 02 Apr 2025 11:36:31 GMT
                                            Connection: close
                                            Content-Length: 56864
                                            2025-04-02 11:36:32 UTC13572INData Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20
                                            Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head> <title>Sign in to your account</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                                            2025-04-02 11:36:32 UTC16384INData Raw: 4f 30 6d 35 4e 6b 6d 7a 61 76 4a 50 37 65 50 78 53 7a 45 41 52 55 52 48 34 6a 67 77 6f 55 72 6d 59 30 69 4c 6d 52 45 63 4f 56 69 56 72 4d 51 6b 55 46 42 78 59 55 4d 4b 44 71 62 6d 5a 58 59 45 64 30 49 67 32 34 4f 48 50 6a 4f 4f 52 2d 48 63 33 36 6e 54 39 59 71 63 41 57 70 77 4d 39 73 49 78 58 6b 34 41 4a 4f 6b 6a 41 42 34 7a 61 45 45 78 59 47 34 53 53 46 51 79 59 46 30 78 43 46 30 41 52 69 6b 68 5a 4d 6b 56 6a 32 34 4f 6e 39 69 39 39 39 63 75 6e 32 39 43 48 70 44 66 36 78 4f 32 39 39 64 65 62 57 6c 66 4b 54 55 77 44 53 5f 4b 42 61 39 65 4e 6a 48 35 6a 41 54 2d 4b 38 45 76 6c 32 6c 75 53 4a 42 79 70 32 45 6c 55 5f 4c 5a 65 76 6c 38 73 5f 6c 38 75 76 62 4f 30 67 4d 49 61 39 75 58 55 75 38 2d 32 70 6d 54 6d 56 31 4d 78 6d 66 70 77 6e 38 63 58 45 7a 75 2d 4b
                                            Data Ascii: O0m5NkmzavJP7ePxSzEARURH4jgwoUrmY0iLmREcOViVrMQkUFBxYUMKDqbmZXYEd0Ig24OHPjOOR-Hc36nT9YqcAWpwM9sIxXk4AJOkjAB4zaEExYG4SSFQyYF0xCF0ARikhZMkVj24On9i999cun29CHpDf6xO299debWlfKTUwDS_KBa9eNjH5jAT-K8Evl2luSJByp2ElU_LZevl8s_l8uvbO0gMIa9uXUu8-2pmTmV1Mxmfpwn8cXEzu-K
                                            2025-04-02 11:36:32 UTC16384INData Raw: 35 57 6e 35 39 44 6d 42 58 48 39 58 71 59 6e 6f 58 51 68 69 46 49 69 31 6f 53 75 6a 6b 6f 51 41 42 72 4c 6b 6a 71 58 31 61 72 74 36 76 56 58 36 72 56 74 5f 59 4f 4d 4a 51 67 33 74 2d 37 6d 6f 66 75 33 4d 36 39 57 6d 62 6e 69 7a 41 74 51 48 6f 44 75 4d 56 44 38 63 32 39 36 78 68 46 65 54 62 72 2d 67 67 64 42 41 35 43 4f 67 30 47 32 59 55 49 45 42 54 7a 62 64 76 46 61 63 64 32 6e 44 74 37 6c 35 56 6d 43 65 66 34 77 77 48 79 63 4f 76 66 32 37 73 51 67 44 79 78 4d 6c 44 41 44 5f 65 5f 4f 56 51 79 50 35 57 38 46 6b 68 54 33 34 57 31 68 7a 49 5f 68 61 48 37 56 30 41 31 42 35 6d 66 77 39 41 76 54 73 79 45 54 38 6e 78 6a 4c 4a 63 72 39 6a 30 33 51 6b 79 4a 42 44 64 35 54 75 79 7a 4e 47 68 50 70 7a 41 75 4b 56 72 70 49 4b 58 59 79 38 61 78 6c 79 76 6c 7a 58 6e 59
                                            Data Ascii: 5Wn59DmBXH9XqYnoXQhiFIi1oSujkoQABrLkjqX1art6vVX6rVt_YOMJQg3t-7mofu3M69WmbnizAtQHoDuMVD8c296xhFeTbr-ggdBA5COg0G2YUIEBTzbdvFacd2nDt7l5VmCef4wwHycOvf27sQgDyxMlDAD_e_OVQyP5W8FkhT34W1hzI_haH7V0A1B5mfw9AvTsyET8nxjLJcr9j03QkyJBDd5TuyzNGhPpzAuKVrpIKXYy8axlyvlzXnY
                                            2025-04-02 11:36:32 UTC10524INData Raw: 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 0a 69 66 28 2d 31 21 3d 3d 72 2e 69 6e 64 65 78 4f 66 28 74 5b 6e 5d 29 29 7b 76 61 72 20 6f 3d 74 5b 6e 2b 31 3c 74 2e 6c 65 6e 67 74 68 3f 6e 2b 31 3a 30 5d 2c 69 3d 72 2e 73 75 62 73 74 72 69 6e 67 28 74 5b 6e 5d 2e 6c 65 6e 67 74 68 29 3b 72 65 74 75 72 6e 22 68 74 74 70 73 3a 2f 2f 22 21 3d 3d 74 5b 6e 5d 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 26 26 28 6f 3d 22 68 74 74 70 73 3a 2f 2f 22 2b 6f 2c 69 3d 69 2e 73 75 62 73 74 72 69 6e 67 28 22 68 74 74 70 73 3a 2f 2f 22 2e 6c 65 6e 67 74 68 29 29 2c 6f 2b 69 7d 7d 72 65 74 75 72 6e 20 72 7d 69 66 28 21 28 62 26 26 62 2e 6c 65 6e 67 74 68 3e 31 29 29 7b 72 65 74 75 72 6e 20 72 7d 66 6f 72 28 76 61 72 20 61 3d 30 3b
                                            Data Ascii: length;n++){if(-1!==r.indexOf(t[n])){var o=t[n+1<t.length?n+1:0],i=r.substring(t[n].length);return"https://"!==t[n].substring(0,"https://".length)&&(o="https://"+o,i=i.substring("https://".length)),o+i}}return r}if(!(b&&b.length>1)){return r}for(var a=0;


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            17192.168.2.64976223.55.235.2404431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:36:45 UTC450OUTOPTIONS /api/report?catId=GW+estsfd+bno HTTP/1.1
                                            Host: identity.nel.measure.office.net
                                            Connection: keep-alive
                                            Origin: https://autologon.microsoftazuread-sso.com
                                            Access-Control-Request-Method: POST
                                            Access-Control-Request-Headers: content-type
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:36:45 UTC319INHTTP/1.1 200 OK
                                            Content-Type: text/html
                                            Content-Length: 7
                                            Date: Wed, 02 Apr 2025 11:36:45 GMT
                                            Connection: close
                                            Access-Control-Allow-Headers: content-type
                                            Access-Control-Allow-Credentials: false
                                            Access-Control-Allow-Methods: *
                                            Access-Control-Allow-Methods: GET, OPTIONS, POST
                                            Access-Control-Allow-Origin: *
                                            2025-04-02 11:36:45 UTC7INData Raw: 4f 50 54 49 4f 4e 53
                                            Data Ascii: OPTIONS


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            18192.168.2.64976323.44.201.1724431628C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-04-02 11:36:45 UTC425OUTPOST /api/report?catId=GW+estsfd+bno HTTP/1.1
                                            Host: identity.nel.measure.office.net
                                            Connection: keep-alive
                                            Content-Length: 537
                                            Content-Type: application/reports+json
                                            Origin: https://autologon.microsoftazuread-sso.com
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                            Accept-Encoding: gzip, deflate, br, zstd
                                            Accept-Language: en-US,en;q=0.9
                                            2025-04-02 11:36:45 UTC537OUTData Raw: 5b 7b 22 61 67 65 22 3a 35 35 35 36 37 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 30 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 34 30 2e 31 32 36 2e 32 34 2e 31 34 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 31 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d
                                            Data Ascii: [{"age":55567,"body":{"elapsed_time":805,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://login.microsoftonline.com/","sampling_fraction":1.0,"server_ip":"40.126.24.147","status_code":401,"type":"http.error"},"type":"network-
                                            2025-04-02 11:36:48 UTC399INHTTP/1.1 429 Too Many Requests
                                            Content-Length: 0
                                            x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
                                            Request-Context: appId=cid-v1:0df9f0fa-2b61-4bcc-8864-10ea6079c765
                                            Date: Wed, 02 Apr 2025 11:36:48 GMT
                                            Connection: close
                                            Access-Control-Allow-Credentials: false
                                            Access-Control-Allow-Methods: *
                                            Access-Control-Allow-Methods: GET, OPTIONS, POST
                                            Access-Control-Allow-Origin: *


                                            020406080s020406080100

                                            Click to jump to process

                                            020406080s0.0050100MB

                                            Click to jump to process

                                            Target ID:1
                                            Start time:07:35:22
                                            Start date:02/04/2025
                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                            Imagebase:0x7ff63b000000
                                            File size:3'388'000 bytes
                                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:false

                                            Target ID:4
                                            Start time:07:35:27
                                            Start date:02/04/2025
                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,15854164184118796374,10831690738144022138,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3
                                            Imagebase:0x7ff63b000000
                                            File size:3'388'000 bytes
                                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:false

                                            Target ID:11
                                            Start time:07:35:33
                                            Start date:02/04/2025
                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d99d20d2d-8923-45d8-b9ad-5038c97582e3%26user%3d1e1aadac-fe48-43cc-8022-e2f9bbd92e33%26ticket%3dlLVj1lKTxCDGt1cqkCQXytiMqw4wvbQIxUgS7dyj1lA%25253d%26ver%3d2.0"
                                            Imagebase:0x7ff63b000000
                                            File size:3'388'000 bytes
                                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true
                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                            No disassembly