Edit tour

Windows Analysis Report
Remittance_Details_#20O8N7B.html

Overview

General Information

Sample name:	Remittance_Details_#20O8N7B.html
Analysis ID:	1500388
MD5:	3f6ed66990c9aee78e69d977ed1b08af
SHA1:	cc02fcad82f5e89da7b8dd8cf3810c65977c67ed
SHA256:	100f7d1187d54a1a1f2e844fb2da594044aa16226f6dfc09730cca2987a26fa6
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Remittance_Details_#20O8N7B.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1700,i,8673559452662307826,16057132183390467282,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4710Host: login.live.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closecontent-type: text/htmlcontent-length: 146date: Wed, 28 Aug 2024 09:43:31 GMTstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-frame-options: SAMEORIGINx-content-type-options: nosniffvary: User-Agent,Accept-Encodingalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: chromecache_63.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_63.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: Remittance_Details_#20O8N7B.html	String found in binary or memory: https://343618095.zenslim.ru:8443/impact?impact=online.support

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.124.78.146:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49737 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Remittance_Details_#20O8N7B.html

Initial sample: remit

Source: classification engine

Classification label: mal68.phis.winHTML@15/17@14/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Remittance_Details_#20O8N7B.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1700,i,8673559452662307826,16057132183390467282,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1700,i,8673559452662307826,16057132183390467282,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Remittance_Details_%2320O8N7B.html

HTTP Parser: file:///C:/Users/user/Desktop/Remittance_Details_%2320O8N7B.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	3 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
http://fontawesome.io	0%	URL Reputation	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	0%	URL Reputation	safe
https://www.w3schools.com/w3css/4/w3.css	0%	URL Reputation	safe
http://fontawesome.io/license	0%	URL Reputation	safe
file:///C:/Users/user/Desktop/Remittance_Details_%2320O8N7B.html	0%	Avira URL Cloud	safe
https://343618095.zenslim.ru:8443/impact?impact=online.support	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css	0%	Avira URL Cloud	safe
https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
343618095.zenslim.ru	188.114.96.3	true	false	unknown
kasumbo.com	108.178.43.142	true	false	unknown
cs837.wac.edgecastcdn.net	192.229.133.221	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	unknown
www.google.com	216.58.212.164	true	false	unknown
_8443._https.343618095.zenslim.ru	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown
www.w3schools.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false	URL Reputation: safe	unknown
https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/Remittance_Details_%2320O8N7B.html	true	Avira URL Cloud: safe	unknown
https://www.w3schools.com/w3css/4/w3.css	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_63.2.dr	false	URL Reputation: safe	unknown
https://343618095.zenslim.ru:8443/impact?impact=online.support	Remittance_Details_#20O8N7B.html	false	Avira URL Cloud: safe	unknown
http://fontawesome.io/license	chromecache_63.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
216.58.212.164	www.google.com	United States	15169	GOOGLEUS	false
192.229.133.221	cs837.wac.edgecastcdn.net	United States	15133	EDGECASTUS	false
108.178.43.142	kasumbo.com	United States	32475	SINGLEHOP-LLCUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	343618095.zenslim.ru	European Union	13335	CLOUDFLARENETUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500388
Start date and time:	2024-08-28 11:42:54 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Remittance_Details_#20O8N7B.html
Detection:	MAL
Classification:	mal68.phis.winHTML@15/17@14/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.206, 74.125.206.84, 34.104.35.123, 216.58.212.170, 172.217.18.10, 142.250.184.202, 142.250.185.106, 142.250.185.74, 172.217.16.202, 142.250.186.106, 216.58.212.138, 172.217.23.106, 142.250.74.202, 216.58.206.42, 216.58.206.74, 142.250.186.138, 142.250.186.42, 172.217.18.106, 172.217.16.138, 142.250.184.227, 142.250.74.206
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, t-ring-fallback-s2.msedge.net, clients2.google.com, edgedl.me.gvt1.com, login.live.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.17.24.14	http://vtaurl.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
104.17.24.14	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/animation.gsap.js
239.255.255.250	https://s3.amazonaws.com/i0a07640/3/reschedule8.htm	Get hash	malicious	Unknown	Browse
	UploadCustomersTemplate(2).xlsm	Get hash	malicious	Unknown	Browse
	UploadCustomersTemplate(2).xlsm	Get hash	malicious	Unknown	Browse
	https://en.aiacademy.tw	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	https://dropbox-files-online.tiiny.site/?token=69090208-80b8-4346-ad00-dfe054582d02=&ci=example@domain.com	Get hash	malicious	HTMLPhisher	Browse
	https://emea.dcv.ms/haHCQHi4RD	Get hash	malicious	HTMLPhisher	Browse
	https://iv1tm.ykrbkt.ru/iV1TM/#hans.wurst@us.com	Get hash	malicious	HTMLPhisher	Browse
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Unknown	Browse
192.229.133.221	Status Update ECKY2.html	Get hash	malicious	Unknown	Browse
	original (3).eml	Get hash	malicious	Unknown	Browse
	Status Update T2LIK.html	Get hash	malicious	Unknown	Browse
	Feature Status Update WDWRN.html	Get hash	malicious	Unknown	Browse
	Feature Status Update D583R.html	Get hash	malicious	Unknown	Browse
	https://odyqreazchfhphegqov.medtourindia.ru:8443/impact?impact=reachus	Get hash	malicious	HTMLPhisher	Browse
	https://urumltygvfesfgswiin.medtourindia.ru:8443/impact?impact=info	Get hash	malicious	HTMLPhisher	Browse
	Status Update C7PVO.html	Get hash	malicious	Unknown	Browse
	Status Update 02TZU.html	Get hash	malicious	Unknown	Browse
	Re_ E-Transfer Receipt - Transaction Successful, INV#[53-ZMVGT].eml	Get hash	malicious	Unknown	Browse
108.178.43.142	Status Update ECKY2.html	Get hash	malicious	Unknown	Browse
	original (3).eml	Get hash	malicious	Unknown	Browse
	Status Update T2LIK.html	Get hash	malicious	Unknown	Browse
	Feature Status Update WDWRN.html	Get hash	malicious	Unknown	Browse
	Feature Status Update D583R.html	Get hash	malicious	Unknown	Browse
	https://odyqreazchfhphegqov.medtourindia.ru:8443/impact?impact=reachus	Get hash	malicious	HTMLPhisher	Browse
	https://urumltygvfesfgswiin.medtourindia.ru:8443/impact?impact=info	Get hash	malicious	HTMLPhisher	Browse
	Status Update C7PVO.html	Get hash	malicious	Unknown	Browse
	Status Update 02TZU.html	Get hash	malicious	Unknown	Browse
	Re_ E-Transfer Receipt - Transaction Successful, INV#[53-ZMVGT].eml	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
kasumbo.com	Status Update ECKY2.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	original (3).eml	Get hash	malicious	Unknown	Browse	108.178.43.142
	Status Update T2LIK.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Feature Status Update WDWRN.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Feature Status Update D583R.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	https://odyqreazchfhphegqov.medtourindia.ru:8443/impact?impact=reachus	Get hash	malicious	HTMLPhisher	Browse	108.178.43.142
	https://urumltygvfesfgswiin.medtourindia.ru:8443/impact?impact=info	Get hash	malicious	HTMLPhisher	Browse	108.178.43.142
	Status Update C7PVO.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Status Update 02TZU.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Re_ E-Transfer Receipt - Transaction Successful, INV#[53-ZMVGT].eml	Get hash	malicious	Unknown	Browse	108.178.43.142
cs837.wac.edgecastcdn.net	Status Update ECKY2.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	original (3).eml	Get hash	malicious	Unknown	Browse	192.229.133.221
	Status Update T2LIK.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	Feature Status Update WDWRN.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	Feature Status Update D583R.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	https://odyqreazchfhphegqov.medtourindia.ru:8443/impact?impact=reachus	Get hash	malicious	HTMLPhisher	Browse	192.229.133.221
	https://urumltygvfesfgswiin.medtourindia.ru:8443/impact?impact=info	Get hash	malicious	HTMLPhisher	Browse	192.229.133.221
	Status Update C7PVO.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	Status Update 02TZU.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	Re_ E-Transfer Receipt - Transaction Successful, INV#[53-ZMVGT].eml	Get hash	malicious	Unknown	Browse	192.229.133.221
sni1gl.wpc.omegacdn.net	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://my-apps-885d2a67.azurewebsites.net	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	Madisonwellsmedia546.pdf	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	http://esc-dot-wind-blade-416540.uk.r.appspot.com	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://www.dropbox.com/scl/fi/divczsjhc8wrt1wb18r2b/AT-Society-Directory.docx?rlkey=sjkzm3g8jkcekmsxm460sja78&st=r52leq64&dl=0	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	152.199.21.175
	https://support.microsoft.com/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://www.google.com.uy/url?q=//www.google.tn/amp/s/2kk8g.ubpages.com/ca10b7ff663b7dafeisla8zrrihpgxhbip2lby0aqo	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	virus total.pdf	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
cdnjs.cloudflare.com	https://en.aiacademy.tw	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://tekrollindustrial.com.br/wp-includes/kr.html#kh.jang@hyundaimovex.com	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://www.wpspublish.com/customer/account/createPassword/?id=28732&token=k5FPAv4ZQlJ0DbFv9HIliRQV9FN7ztvs	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://wpspublish.com	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://pub-78727057140540a199a7e00bf238a392.r2.dev/index.html	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://hamimtalukdar.github.io/Facebook-Login-To-Link	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	http://pub-85c8ac492a5e41d7b0fad25337aa69f6.r2.dev/index.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://autoiothiatowers.web.app/0.05389702077273273	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	http://pub-4fc2ac5871b646109dbe90ceb8933125.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://pub-21c884f4185d4edab04434d00584ab27.r2.dev/index.html	Get hash	malicious	Unknown	Browse	104.17.25.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SINGLEHOP-LLCUS	Status Update ECKY2.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	original (3).eml	Get hash	malicious	Unknown	Browse	108.178.43.142
	Status Update T2LIK.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Feature Status Update WDWRN.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Feature Status Update D583R.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	172.96.186.147
	https://odyqreazchfhphegqov.medtourindia.ru:8443/impact?impact=reachus	Get hash	malicious	HTMLPhisher	Browse	108.178.43.142
	https://urumltygvfesfgswiin.medtourindia.ru:8443/impact?impact=info	Get hash	malicious	HTMLPhisher	Browse	108.178.43.142
	Status Update C7PVO.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Status Update 02TZU.html	Get hash	malicious	Unknown	Browse	108.178.43.142
CLOUDFLARENETUS	Rebina.exe	Get hash	malicious	LummaC	Browse	104.21.66.182
	setup.exe	Get hash	malicious	LummaC	Browse	104.21.42.119
	Payment Details.exe	Get hash	malicious	FormBook	Browse	104.21.72.245
	https://en.aiacademy.tw	Get hash	malicious	Unknown	Browse	104.17.24.14
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://emea.dcv.ms/haHCQHi4RD	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	https://iv1tm.ykrbkt.ru/iV1TM/#hans.wurst@us.com	Get hash	malicious	HTMLPhisher	Browse	172.67.153.202
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	104.18.36.155
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
CLOUDFLARENETUS	Rebina.exe	Get hash	malicious	LummaC	Browse	104.21.66.182
	setup.exe	Get hash	malicious	LummaC	Browse	104.21.42.119
	Payment Details.exe	Get hash	malicious	FormBook	Browse	104.21.72.245
	https://en.aiacademy.tw	Get hash	malicious	Unknown	Browse	104.17.24.14
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://emea.dcv.ms/haHCQHi4RD	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	https://iv1tm.ykrbkt.ru/iV1TM/#hans.wurst@us.com	Get hash	malicious	HTMLPhisher	Browse	172.67.153.202
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	104.18.36.155
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
EDGECASTUS	https://emea.dcv.ms/haHCQHi4RD	Get hash	malicious	HTMLPhisher	Browse	152.199.21.118
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://my-apps-885d2a67.azurewebsites.net	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://emea.dcv.ms/haHCQHi4RD	Get hash	malicious	HTMLPhisher	Browse	152.199.21.118
	https://mellifluous-squirrel-aca5c4.netlify.app/	Get hash	malicious	Unknown	Browse	93.184.221.165
EDGECASTUS	https://emea.dcv.ms/haHCQHi4RD	Get hash	malicious	HTMLPhisher	Browse	152.199.21.118
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://my-apps-885d2a67.azurewebsites.net	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	file.exe	Get hash	malicious	Unknown	Browse	152.195.19.97
	https://emea.dcv.ms/haHCQHi4RD	Get hash	malicious	HTMLPhisher	Browse	152.199.21.118
	https://mellifluous-squirrel-aca5c4.netlify.app/	Get hash	malicious	Unknown	Browse	93.184.221.165

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://s3.amazonaws.com/i0a07640/3/reschedule8.htm	Get hash	malicious	Unknown	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	UploadCustomersTemplate(2).xlsm	Get hash	malicious	Unknown	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	SharkHCShark.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	UploadCustomersTemplate(2).xlsm	Get hash	malicious	Unknown	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	https://en.aiacademy.tw	Get hash	malicious	Unknown	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	file.exe	Get hash	malicious	Unknown	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	https://dropbox-files-online.tiiny.site/?token=69090208-80b8-4346-ad00-dfe054582d02=&ci=example@domain.com	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	https://emea.dcv.ms/haHCQHi4RD	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27
	file.exe	Get hash	malicious	Unknown	Browse	13.85.23.86 20.73.194.208 204.79.197.222 204.79.197.200 40.126.32.68 51.124.78.146 184.28.90.27

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 08:43:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9789168826520633
Encrypted:	false
SSDEEP:	48:8Kp/QdgTEg/HiidAKZdA1FehwiZUklqehey+3:8k7P4ty
MD5:	A627EC637740FF945765D482A7717EFF
SHA1:	D4AC4B50B459AD56956F7A15F47546D54AC24959
SHA-256:	E60E04FC0C5EA17C7224C4BDF5B52BAEB4F04CC702A481B68FEB7111F82263FE
SHA-512:	E4D0849AF7AFCFB7757BBAE483D17A96B2C7FB3113CF22799594AE9D41F3DDF3A8A5087AA651C114A0649B84AAFF223886D337355192060BE011EF61E95EEAC4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....e......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YcM....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YmM....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YmM....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YmM..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YnM...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 08:43:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.997541168787547
Encrypted:	false
SSDEEP:	48:8Ap/QdgTEg/HiidAKZdA1seh/iZUkAQkqehdy+2:8q7PO9Q0y
MD5:	265FDCE6685A4B5C5D134ACF8A85A34F
SHA1:	CEF99054878EB160F60FAF6F6547BFF1753090F1
SHA-256:	28A0AD804A742A52015668B46D73AD274EF20C75968D113E088266CFD56AFDD8
SHA-512:	250955E802517367257EA75DBD53A4B5AF8E99E6148F47043C337E2055738BE2E804762188D11E0F1EF40B68FB46AF90F01BFAAD13C0C89773DE673A6893ADA7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YcM....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YmM....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YmM....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YmM..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YnM...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006033139387608
Encrypted:	false
SSDEEP:	48:86/QdgTEgAHiidAKZdA14meh7sFiZUkmgqeh7s7y+BX:8a7PrnRy
MD5:	03756583D9FB24EAA7B16431269111F2
SHA1:	5BFA54AFA7BC1EEE96FE81ACF1D61540FF0E142C
SHA-256:	F1B17C84A27AFE4D62EB771CD9CC9A51FF51741CDDAC1E81F5086325B13256E7
SHA-512:	92C203B7D1563D57AF19672DBE40017549D03C20811E8E605A9A70E3192D9E7C0E8FDC38928F5F2CF3F84A72FD0B15C3B1542277AD3311AAA05F3D453E017671
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YcM....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YmM....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YmM....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YmM..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 08:43:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9951536155680603
Encrypted:	false
SSDEEP:	48:8ip/QdgTEg/HiidAKZdA1TehDiZUkwqehZy+R:8s7Pljy
MD5:	3BB6C4CC732C47CA55296753EEBDAEA5
SHA1:	8D8BDF138C40CCDBAEDFD2E179D2CE20963659E3
SHA-256:	CBE8BFD4C04EA308A0A5A2B373964228C8A85C3DF6DA519EA0CBA95330A7A4BF
SHA-512:	2FB3236AFDE7D9DAD82679D7C714DA9B494E00A9A136C0FCDEB24A150BED4118E7D9E24C78B86CC1AB841168A9A521C3C8F957A4DCC6B3BF267F6013C21475E4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....q$......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YcM....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YmM....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YmM....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YmM..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YnM...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 08:43:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.983676800265507
Encrypted:	false
SSDEEP:	48:8ep/QdgTEg/HiidAKZdA1dehBiZUk1W1qeh/y+C:8w7PV9fy
MD5:	21E7DA44FF8B5044574102CCCFC45699
SHA1:	9EAB5909FA42A497F3ABAC81C2EEA99D1B29E754
SHA-256:	84B836B940A2637829DD78A4BEEBF3230E2DBA4EAF5C7B05F12EDACBF3B299C1
SHA-512:	AA9F3166E600163DB71558A8FEB84CB375F1765170514D30D07E5CCDC8F3A51AE5BA17DE3B82D99DE2BFC8C7D9C11A5AC266A3E271C7A78DFBE23BC0558D405E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YcM....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YmM....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YmM....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YmM..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YnM...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 08:43:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.991727133456276
Encrypted:	false
SSDEEP:	48:8Rp/QdgTEg/HiidAKZdA1duTeehOuTbbiZUk5OjqehOuTbRy+yT+:8v7PdTfTbxWOvTbRy7T
MD5:	AD3D631BD5E2E52E04239CD1069821EF
SHA1:	7CBCAFB359D13063A4DA673D3A9DCF765B4560F5
SHA-256:	E6D234ACEBFE4B843AFF01FF5A0777BA770D9559FFBEEB65DC66627CC6B17E6A
SHA-512:	C14DE54EF854072E1D7A1C484DCD24E40472CF1E8397179AFD5256520769BF2A3BCD51C813C61887F00DBDE179FBC63E0E85DE234CDBB40721214FFF8FE8ADC8
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....V.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.YcM....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.YmM....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.YmM....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.YmM..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.YnM...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........q5.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (30837)
Category:	downloaded
Size (bytes):	31000
Entropy (8bit):	4.746143404849733
Encrypted:	false
SSDEEP:	384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf
MD5:	269550530CC127B6AA5A35925A7DE6CE
SHA1:	512C7D79033E3028A9BE61B540CF1A6870C896F8
SHA-256:	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
SHA-512:	49F4E24E55FA924FAA8AD7DEBE5FFB2E26D439E25696DF6B6F20E7F766B50EA58EC3DBD61B6305A1ACACD2C80E6E659ACCEE4140F885B9C9E71008E9001FBF4B
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	high, very likely benign file
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	23427
Entropy (8bit):	5.112735417225198
Encrypted:	false
SSDEEP:	384:1HHLO7eS0F4bBY/fn6jZcy9/cGK1q8CarY64Cb+dOy:1HHCLYXfl1q8CarY64Cb+dl
MD5:	BA0537E9574725096AF97C27D7E54F76
SHA1:	BD46B47D74D344F435B5805114559D45979762D5
SHA-256:	4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
SHA-512:	FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
Malicious:	false
URL:	https://www.w3schools.com/w3css/4/w3.css
Preview:	./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /.html{box-sizing:border-box},:before,:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.110577243331642
Encrypted:	false
SSDEEP:	3:DoyCIkYn:My7R
MD5:	86D2F51458C74E8CA9C547F8760B477B
SHA1:	028E46314FBD5C2C075D852B8100E85D9595F7FB
SHA-256:	32F02AC3C8E348CEB77C79A838ECF87FDA43EDA01446E26EC569816F0976D814
SHA-512:	C404F69390FCD86A1DC4D4A4BA5B138EFA164290FD6A65D2A1511E49A9F7D96A8CE15BEBA81DF4DA605DC8CF8B4A6130B256C14DF23FD5590DEADD7CFAE5A466
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmdgwHNQusi4BIFDTAIpukSBQ14RS7i?alt=proto
Preview:	ChIKBw0wCKbpGgAKBw14RS7iGgA=

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	55346
Entropy (8bit):	7.992012499711877
Encrypted:	true
SSDEEP:	1536:hYkcv1BVfDQL63mcAZ6zb6jtLeqCdyJUos9:hWfLOMv6QqCdyK1
MD5:	4D9A705928245542662679435ACBE743
SHA1:	2D8C709715421A7F18F9714854846B115ECDAB6A
SHA-256:	E60F37CB210A4DF6592832BECBDA9C39BDC4BC9D53EC4D3AEC160398068CFA37
SHA-512:	1B7D85D437695C96200A3FCCB5DBBCFC902802E31A55ACC31D593B113BBF6CD03D94D60ACBEF16BBE844F5C3A8DF5B13F71A15E190AE088064BEEFF4519B8423
Malicious:	false
URL:	https://343618095.zenslim.ru:8443/impact?impact=online.support@icomera.com
Preview:	c....QM..@#e......oy.w.g.[.3x.U$..G......=...!.u $.F~............h..}.9l.^...h.."..t,...a`Q.dC.M..)9,2....3.....#.g.S..yX..9..Qn.$..yJx...O{.x...D....=F....K.....!...y..SeQ.....s@.2<....#.B.F.`.+......3}J..%Y6...2.?....a.m.e..c.kc.8..........O.%..4.Q..`[..M.!m...Ra&UB".e.w+..........c.R.p.R..@.....R)bm.`2.!..$....qD.)..I.....N.E.G.P.^.5~.>.W.U.+.j..}...=........A.9.g..[.).....$..G>.C.F.2.g.[..X..j..<.....c.:....~..w.[.u..P..h....M..x~....'.&..Wx~.,X?\|..NL....%....&lH...x........U..A.(...l..........`.y..*...}y;'.<..HT>L.p~$.U.S{.-......I...<8.. ..Eh>..e.gYP9.k.;..v..".........G3.M.&.\|.).o....i.LV.'...._...--.H.}x.0Fx>/.....s.j.V..7..S..[f..jt.....d.Vj..lGZV....4Q......@gs...n..,..6......x.....w6..;.......f.v.^....s..........o....../..F..E..U.wj..+._.....9.0..?........b....~.>...1...q.....5.?...z..W..!...p.....Z..a..0......v...8...K0..S.y.!......?2.0...:..W......t3o...7{5..%..]t...#...C...u...e.Cg......_......a[.#4......,.6K..1;..CP..c..

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	4.465168652394784
TrID:	HyperText Markup Language (15015/1) 20.56% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (11501/1) 15.75% HyperText Markup Language (11501/1) 15.75%
File name:	Remittance_Details_#20O8N7B.html
File size:	4'020 bytes
MD5:	3f6ed66990c9aee78e69d977ed1b08af
SHA1:	cc02fcad82f5e89da7b8dd8cf3810c65977c67ed
SHA256:	100f7d1187d54a1a1f2e844fb2da594044aa16226f6dfc09730cca2987a26fa6
SHA512:	1481aadc6d7bcc33855c8d5ecb24ff6f9a9ebf8f52687244d579d22c277c185776333a89b8b8433d9c4ef67a57bd2398569757ce2eb3fff935508d8095e46309
SSDEEP:	48:tJdO7QQ5lZ98F2UtI9XYlkeyWveCJzxQl9yD3HPYQUJVNkquP7mAhyUDEqY0lJSh:LKWFg9YlAWveCJalQr577hyUDPHSYrOl
TLSH:	14815125928250105673C3652FB67A08EA6BC5076742518A7EDC935F4FF37C1C8A3BDC
File Content Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Remittance_Details_071005551682 #797686418397</title>.. <style>.. /* Basic styling rese

File Icon


Icon Hash:	173149cccc490307

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 11:43:26.971162081 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 28, 2024 11:43:27.285485983 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 28, 2024 11:43:27.890518904 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 28, 2024 11:43:29.096553087 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 28, 2024 11:43:29.466931105 CEST	49689	80	192.168.2.16	192.229.211.108
Aug 28, 2024 11:43:29.991101980 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:29.996068954 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:29.996227026 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:29.996509075 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.001414061 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.443892002 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.443984032 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.444044113 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.446890116 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.447139025 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.447360992 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.451873064 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.451894045 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.452212095 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.540695906 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.541038036 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.548722982 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.811742067 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.863574982 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.940509081 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979135990 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979171038 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979182959 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979217052 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979228973 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979254007 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.979279041 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.979316950 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.979532003 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979577065 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979588985 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979621887 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.979707003 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979717970 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.979746103 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.984144926 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.984158993 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.984175920 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.984211922 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.984217882 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:30.984225035 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:30.984282017 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.004395008 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:31.004419088 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:31.004503965 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:31.004719019 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:31.004729986 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:31.005143881 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.005181074 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.005249977 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.005461931 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.005475044 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.065455914 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.065560102 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.065572023 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.065582991 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.065629005 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.065673113 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.065705061 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.065716028 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.065726995 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.065738916 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.065767050 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.066673040 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.066693068 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.066704035 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.066736937 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.066823006 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.066836119 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.066845894 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.066858053 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.066868067 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.066893101 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.067308903 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.067326069 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.067337990 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.067378044 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.067414999 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.067621946 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.067634106 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.067645073 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.067667961 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.068173885 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.068222046 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.068299055 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.068310022 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.068320036 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.068331957 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.068342924 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.068346977 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.068372011 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.113125086 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.113142967 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.113156080 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.113240957 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.113282919 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.152398109 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.152415037 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.152425051 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.152436972 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:43:31.152530909 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.152559996 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:43:31.164211988 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:31.164251089 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:31.164330959 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:31.164525032 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:31.164535999 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:31.260076046 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.260123014 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.260240078 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.260459900 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.260471106 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.499558926 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 28, 2024 11:43:31.596153975 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:31.596190929 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:31.596266985 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:31.596462965 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:31.596474886 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:31.602912903 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.603108883 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.603132010 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.604288101 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.604357004 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.605274916 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.605362892 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.605441093 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.605449915 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.659519911 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.727277040 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727323055 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727366924 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727384090 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.727411985 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727466106 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727467060 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.727478027 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727528095 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.727535009 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727772951 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727806091 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727823019 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.727829933 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.727874041 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.727880001 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.770544052 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.770562887 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.777956963 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.778237104 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.778248072 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.779298067 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.779393911 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.780381918 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.780456066 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.780698061 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.780705929 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.813939095 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.813996077 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.814003944 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.814028025 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.814062119 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.814073086 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.814080000 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.814129114 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.815237999 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.815313101 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.815344095 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.815360069 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.815367937 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.815414906 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.815421104 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.816443920 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.816459894 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.816497087 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.816509008 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.816543102 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.816550970 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.816565037 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.816601038 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.816760063 CEST	49713	443	192.168.2.16	104.17.24.14
Aug 28, 2024 11:43:31.816771984 CEST	443	49713	104.17.24.14	192.168.2.16
Aug 28, 2024 11:43:31.822798967 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:31.823025942 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:31.823039055 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:31.823899031 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:31.823965073 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:31.824913025 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:31.824965000 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:31.825185061 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:31.825191975 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:31.834517956 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.866533995 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:31.950407982 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.950647116 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.950704098 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.951546907 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.951562881 CEST	443	49716	108.178.43.142	192.168.2.16
Aug 28, 2024 11:43:31.951575041 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.951611042 CEST	49716	443	192.168.2.16	108.178.43.142
Aug 28, 2024 11:43:31.959104061 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:31.959358931 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:31.959368944 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:31.960578918 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:31.960648060 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:31.961684942 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:31.961756945 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:31.961854935 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:31.961860895 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:32.010572910 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:32.076690912 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.122515917 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:32.138343096 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.138356924 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.138400078 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.138434887 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:32.138449907 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.138467073 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.138477087 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.138485909 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:32.138516903 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:32.138531923 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:32.165115118 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.165199995 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.165210962 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:32.165265083 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:32.165508032 CEST	49712	443	192.168.2.16	192.229.133.221
Aug 28, 2024 11:43:32.165522099 CEST	443	49712	192.229.133.221	192.168.2.16
Aug 28, 2024 11:43:32.212116003 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:32.212177038 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:32.212232113 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:32.212241888 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:32.212285042 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:32.213083029 CEST	49715	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:32.213098049 CEST	443	49715	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:32.228971004 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:32.228988886 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:32.229063988 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:32.229804993 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:32.229815960 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:32.242508888 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:32.242785931 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:32.242794991 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:32.243833065 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:32.243910074 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:32.244829893 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:32.244891882 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:32.297503948 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:32.297513008 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:32.345520973 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:33.028851986 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.030113935 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:33.030127048 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.031162024 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.031248093 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:33.031800985 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:33.031858921 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.031954050 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:33.031960964 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.079519033 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:33.210011005 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:33.210042953 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:33.210114956 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:33.211599112 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:33.211612940 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:33.288089991 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.288126945 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.288212061 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:33.288228989 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.288252115 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.288301945 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:33.288978100 CEST	49718	443	192.168.2.16	152.199.21.175
Aug 28, 2024 11:43:33.288990021 CEST	443	49718	152.199.21.175	192.168.2.16
Aug 28, 2024 11:43:33.862370968 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:33.862449884 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:33.865844011 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:33.865854025 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:33.866229057 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:33.909168959 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:33.956495047 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.138982058 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.139051914 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.139097929 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.139169931 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.139195919 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.139209986 CEST	49720	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.139215946 CEST	443	49720	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.168812037 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.168847084 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.168912888 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.169164896 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.169179916 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.814587116 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.814659119 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.816157103 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.816164017 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.816391945 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:34.817437887 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:34.860502005 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:35.092365026 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:35.092436075 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:35.092587948 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:35.093211889 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:35.093228102 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:35.093238115 CEST	49721	443	192.168.2.16	184.28.90.27
Aug 28, 2024 11:43:35.093242884 CEST	443	49721	184.28.90.27	192.168.2.16
Aug 28, 2024 11:43:35.136909008 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 28, 2024 11:43:35.439544916 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 28, 2024 11:43:35.582734108 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:35.582763910 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:35.582851887 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:35.583920002 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:35.583933115 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.043538094 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 28, 2024 11:43:36.102953911 CEST	49723	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:36.102989912 CEST	443	49723	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:36.103091955 CEST	49723	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:36.103996038 CEST	49723	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:36.104010105 CEST	443	49723	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:36.269397974 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.269464016 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.272015095 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.272022963 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.272274017 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.314519882 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.314645052 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 28, 2024 11:43:36.326987028 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.368508101 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.550838947 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.550865889 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.550873995 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.550884962 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.550904989 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.550939083 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.550947905 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.550972939 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.551021099 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.551657915 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.551719904 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.551744938 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.551963091 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.561794996 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.561821938 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.561831951 CEST	49722	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:43:36.561839104 CEST	443	49722	13.85.23.86	192.168.2.16
Aug 28, 2024 11:43:36.897041082 CEST	443	49723	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:36.897242069 CEST	49723	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:36.898935080 CEST	49723	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:36.898942947 CEST	443	49723	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:36.899327040 CEST	443	49723	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:36.936681986 CEST	49723	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:36.936738968 CEST	443	49723	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:36.936789989 CEST	49723	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:36.994190931 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:36.994220018 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:36.994306087 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:36.994545937 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:36.994561911 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:37.254513025 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 28, 2024 11:43:37.778954029 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:37.779026985 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:37.789910078 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:37.789930105 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:37.790132046 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:37.790604115 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:37.790661097 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:37.790683031 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:38.225775003 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:38.225795984 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:38.225846052 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:38.225864887 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:38.225878954 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:38.225954056 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:38.226188898 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:38.226188898 CEST	49724	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:38.226206064 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:38.226217985 CEST	443	49724	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:38.246335030 CEST	49725	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:38.246371984 CEST	443	49725	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:38.246530056 CEST	49725	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:38.246828079 CEST	49725	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:38.246848106 CEST	443	49725	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:39.036123991 CEST	443	49725	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:39.036201000 CEST	49725	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:39.037332058 CEST	49725	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:39.037339926 CEST	443	49725	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:39.037543058 CEST	443	49725	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:39.038711071 CEST	49725	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:39.038747072 CEST	443	49725	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:39.038800001 CEST	49725	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:39.109431028 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:39.109466076 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:39.109555006 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:39.109731913 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:39.109745979 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:39.598725080 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 28, 2024 11:43:39.662542105 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 28, 2024 11:43:39.884717941 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:39.885433912 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:39.885458946 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:39.886018991 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:39.886025906 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:39.886076927 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:39.886085987 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:39.901537895 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 28, 2024 11:43:40.509541988 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 28, 2024 11:43:40.629251003 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:40.629268885 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:40.629316092 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:40.629331112 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:40.629336119 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:40.629395962 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:40.629662037 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:40.629678965 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:40.629688978 CEST	49726	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:40.629694939 CEST	443	49726	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:40.648489952 CEST	49727	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:40.648526907 CEST	443	49727	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:40.648603916 CEST	49727	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:40.648817062 CEST	49727	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:40.648829937 CEST	443	49727	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:41.434791088 CEST	443	49727	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:41.434916973 CEST	49727	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:41.436021090 CEST	49727	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:41.436033010 CEST	443	49727	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:41.436240911 CEST	443	49727	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:41.437299967 CEST	49727	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:41.437338114 CEST	443	49727	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:41.437396049 CEST	49727	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:41.496953964 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:41.496980906 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:41.497067928 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:41.497235060 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:41.497245073 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:41.721653938 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 28, 2024 11:43:42.168297052 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:42.168358088 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:42.168422937 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:42.299926996 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.300465107 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:42.300488949 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.301116943 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:42.301121950 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.301151037 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:42.301157951 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.662142038 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.662163973 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.662200928 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.662276983 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:42.662286043 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.662302971 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:42.662547112 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.662566900 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:42.662590027 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.662600040 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:42.662606001 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.662622929 CEST	49728	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:42.662626028 CEST	443	49728	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:42.680378914 CEST	49729	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:42.680406094 CEST	443	49729	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:42.680548906 CEST	49729	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:42.680748940 CEST	49729	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:42.680758953 CEST	443	49729	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:42.808970928 CEST	49717	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:43:42.808984041 CEST	443	49717	216.58.212.164	192.168.2.16
Aug 28, 2024 11:43:43.472048044 CEST	443	49729	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:43.472147942 CEST	49729	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:43.473351955 CEST	49729	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:43.473356009 CEST	443	49729	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:43.473587036 CEST	443	49729	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:43.474709988 CEST	49729	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:43.474756956 CEST	443	49729	51.124.78.146	192.168.2.16
Aug 28, 2024 11:43:43.474821091 CEST	49729	443	192.168.2.16	51.124.78.146
Aug 28, 2024 11:43:43.535207033 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:43.535233974 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:43.535309076 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:43.535479069 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:43.535486937 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.129534006 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 28, 2024 11:43:44.345360041 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.345915079 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:44.345940113 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.346539974 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:44.346544981 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.346577883 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:44.346585989 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.464551926 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 28, 2024 11:43:44.694554090 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.694574118 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.694601059 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.694644928 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.694670916 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:44.694704056 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:44.694953918 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:44.694977045 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.694988012 CEST	49730	443	192.168.2.16	40.126.32.68
Aug 28, 2024 11:43:44.694993019 CEST	443	49730	40.126.32.68	192.168.2.16
Aug 28, 2024 11:43:44.723797083 CEST	49731	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:44.723846912 CEST	443	49731	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:44.723933935 CEST	49731	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:44.724159956 CEST	49731	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:44.724180937 CEST	443	49731	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:45.519961119 CEST	443	49731	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:45.520035982 CEST	49731	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:45.521233082 CEST	49731	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:45.521240950 CEST	443	49731	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:45.521451950 CEST	443	49731	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:45.522562981 CEST	49731	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:45.522598028 CEST	443	49731	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:45.522654057 CEST	49731	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:45.770930052 CEST	49732	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:45.770967007 CEST	443	49732	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:45.771071911 CEST	49732	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:45.771301031 CEST	49732	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:45.771313906 CEST	443	49732	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:45.930531025 CEST	49673	443	192.168.2.16	204.79.197.203
Aug 28, 2024 11:43:46.547863007 CEST	443	49732	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:46.548005104 CEST	49732	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:46.549190998 CEST	49732	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:46.549199104 CEST	443	49732	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:46.549402952 CEST	443	49732	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:46.550510883 CEST	49732	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:46.550549030 CEST	443	49732	20.73.194.208	192.168.2.16
Aug 28, 2024 11:43:46.550601006 CEST	49732	443	192.168.2.16	20.73.194.208
Aug 28, 2024 11:43:48.930558920 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 28, 2024 11:43:54.068573952 CEST	49678	443	192.168.2.16	20.189.173.10
Aug 28, 2024 11:43:58.532601118 CEST	49680	80	192.168.2.16	192.229.211.108
Aug 28, 2024 11:44:12.963887930 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:12.963915110 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:12.964013100 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:12.964360952 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:12.964371920 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.420747042 CEST	80	49698	43.152.28.41	192.168.2.16
Aug 28, 2024 11:44:13.420896053 CEST	49698	80	192.168.2.16	43.152.28.41
Aug 28, 2024 11:44:13.421057940 CEST	49698	80	192.168.2.16	43.152.28.41
Aug 28, 2024 11:44:13.425853968 CEST	80	49698	43.152.28.41	192.168.2.16
Aug 28, 2024 11:44:13.685003042 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.685158968 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.686472893 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.686484098 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.686721087 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.688009024 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.732496977 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.962615967 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.962636948 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.962652922 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.962698936 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.962722063 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.962773085 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.963963032 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.963998079 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.964020967 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.964023113 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.964051008 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.964080095 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.965600967 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.965614080 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:13.965627909 CEST	49733	443	192.168.2.16	13.85.23.86
Aug 28, 2024 11:44:13.965631962 CEST	443	49733	13.85.23.86	192.168.2.16
Aug 28, 2024 11:44:14.075731039 CEST	49699	80	192.168.2.16	43.152.28.41
Aug 28, 2024 11:44:14.078685999 CEST	80	49699	43.152.28.41	192.168.2.16
Aug 28, 2024 11:44:14.078742981 CEST	49699	80	192.168.2.16	43.152.28.41
Aug 28, 2024 11:44:14.080507994 CEST	80	49699	43.152.28.41	192.168.2.16
Aug 28, 2024 11:44:16.162638903 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:44:16.167588949 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:44:31.486639977 CEST	49735	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:44:31.486676931 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:31.486764908 CEST	49735	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:44:31.486977100 CEST	49735	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:44:31.486989021 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:32.117160082 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:32.117512941 CEST	49735	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:44:32.117527962 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:32.117851019 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:32.118189096 CEST	49735	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:44:32.118247986 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:32.168667078 CEST	49735	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:44:42.034183979 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:42.034255981 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:42.034329891 CEST	49735	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:44:42.805181980 CEST	49735	443	192.168.2.16	216.58.212.164
Aug 28, 2024 11:44:42.805228949 CEST	443	49735	216.58.212.164	192.168.2.16
Aug 28, 2024 11:44:52.358570099 CEST	49683	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:52.358757973 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:52.358791113 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:52.358889103 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:52.359098911 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:52.359110117 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:52.663810968 CEST	49683	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:53.266805887 CEST	49683	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:53.824013948 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:53.824110985 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:53.840002060 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:53.840023994 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:53.840136051 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:53.840142012 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:53.840255976 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:53.840321064 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.085117102 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.085139990 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.085197926 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.085216045 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.085230112 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.085268974 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.085777998 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.085834026 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.086218119 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.086287022 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.087059021 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.087131977 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.185894966 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.185980082 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.185981035 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.186028004 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.186058044 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.186073065 CEST	443	49736	204.79.197.222	192.168.2.16
Aug 28, 2024 11:44:54.186084032 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.186115026 CEST	49736	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.308350086 CEST	49675	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.308350086 CEST	49677	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.308351994 CEST	49674	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.308579922 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.308604956 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:54.308744907 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.308891058 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.308902979 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:54.480843067 CEST	49683	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:54.608849049 CEST	49674	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.608850956 CEST	49675	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.608850956 CEST	49677	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.883198023 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:54.883316994 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.884632111 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:54.884721994 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.887698889 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.887706041 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:54.888006926 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:54.888073921 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.888410091 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.888432980 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:54.888484955 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:54.932504892 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:55.003787041 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:55.003854036 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:55.003882885 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:55.003905058 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:55.003979921 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:55.003995895 CEST	443	49737	204.79.197.200	192.168.2.16
Aug 28, 2024 11:44:55.004004002 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:55.004044056 CEST	49737	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:55.214703083 CEST	49674	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:55.214709044 CEST	49675	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:55.217907906 CEST	49677	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:56.210810900 CEST	49738	443	192.168.2.16	13.107.226.254
Aug 28, 2024 11:44:56.210858107 CEST	443	49738	13.107.226.254	192.168.2.16
Aug 28, 2024 11:44:56.210942030 CEST	49738	443	192.168.2.16	13.107.226.254
Aug 28, 2024 11:44:56.211303949 CEST	49738	443	192.168.2.16	13.107.226.254
Aug 28, 2024 11:44:56.211316109 CEST	443	49738	13.107.226.254	192.168.2.16
Aug 28, 2024 11:44:56.420710087 CEST	49674	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:56.420711994 CEST	49675	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:56.421900034 CEST	49677	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:56.880757093 CEST	49683	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:44:58.823741913 CEST	49675	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:58.823749065 CEST	49674	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:44:58.824132919 CEST	49677	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:45:01.168579102 CEST	49711	8443	192.168.2.16	188.114.96.3
Aug 28, 2024 11:45:01.174151897 CEST	8443	49711	188.114.96.3	192.168.2.16
Aug 28, 2024 11:45:01.692734003 CEST	49683	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:45:03.637845039 CEST	49675	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:45:03.637845993 CEST	49674	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:45:03.637845039 CEST	49677	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:45:04.193037987 CEST	49701	80	192.168.2.16	192.229.221.95
Aug 28, 2024 11:45:04.198448896 CEST	80	49701	192.229.221.95	192.168.2.16
Aug 28, 2024 11:45:04.198544025 CEST	49701	80	192.168.2.16	192.229.221.95
Aug 28, 2024 11:45:11.303781033 CEST	49683	443	192.168.2.16	204.79.197.222
Aug 28, 2024 11:45:13.243813992 CEST	49674	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:45:13.243814945 CEST	49675	443	192.168.2.16	204.79.197.200
Aug 28, 2024 11:45:13.243899107 CEST	49677	443	192.168.2.16	204.79.197.200

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 11:43:26.544063091 CEST	53	51709	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:26.559935093 CEST	53	62759	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:27.528237104 CEST	53	51145	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:29.870604992 CEST	50965	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:29.870840073 CEST	56468	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:29.958308935 CEST	53	50965	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:30.140165091 CEST	53	56468	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:30.995657921 CEST	55125	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:30.995843887 CEST	56938	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:30.996129036 CEST	58727	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:30.996273041 CEST	59590	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:31.003320932 CEST	53	59590	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.003349066 CEST	53	56938	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.003966093 CEST	53	55125	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.004640102 CEST	53	58727	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.156166077 CEST	60170	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:31.156342983 CEST	53581	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:31.156667948 CEST	50646	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:31.156794071 CEST	53051	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:31.163460016 CEST	53	53581	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.163758993 CEST	53	60170	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.238745928 CEST	53	50646	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.420646906 CEST	54366	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:31.420798063 CEST	51686	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:31.593070984 CEST	53	53051	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.594897032 CEST	53	51686	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:31.595247030 CEST	53	54366	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:32.215981960 CEST	51037	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:32.216120958 CEST	64841	53	192.168.2.16	1.1.1.1
Aug 28, 2024 11:43:32.226473093 CEST	53	64841	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:32.227210999 CEST	53	51037	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:32.241473913 CEST	53	53148	1.1.1.1	192.168.2.16
Aug 28, 2024 11:43:44.652993917 CEST	53	58247	1.1.1.1	192.168.2.16
Aug 28, 2024 11:44:03.577641010 CEST	53	51341	1.1.1.1	192.168.2.16
Aug 28, 2024 11:44:26.542648077 CEST	53	52903	1.1.1.1	192.168.2.16
Aug 28, 2024 11:44:26.648339987 CEST	53	54943	1.1.1.1	192.168.2.16
Aug 28, 2024 11:44:31.301835060 CEST	138	138	192.168.2.16	192.168.2.255
Aug 28, 2024 11:44:54.169464111 CEST	53	57707	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 28, 2024 11:43:30.140285015 CEST	192.168.2.16	1.1.1.1	c297	(Port unreachable)	Destination Unreachable
Aug 28, 2024 11:43:31.593158960 CEST	192.168.2.16	1.1.1.1	c22f	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 28, 2024 11:43:29.870604992 CEST	192.168.2.16	1.1.1.1	0xd1f3	Standard query (0)	343618095.zenslim.ru	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:29.870840073 CEST	192.168.2.16	1.1.1.1	0x5b72	Standard query (0)	_8443._https.343618095.zenslim.ru	65	IN (0x0001)	false
Aug 28, 2024 11:43:30.995657921 CEST	192.168.2.16	1.1.1.1	0x1e46	Standard query (0)	www.w3schools.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:30.995843887 CEST	192.168.2.16	1.1.1.1	0xdf2c	Standard query (0)	www.w3schools.com	65	IN (0x0001)	false
Aug 28, 2024 11:43:30.996129036 CEST	192.168.2.16	1.1.1.1	0xfee7	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:30.996273041 CEST	192.168.2.16	1.1.1.1	0x10cb	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Aug 28, 2024 11:43:31.156166077 CEST	192.168.2.16	1.1.1.1	0x5ff5	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:31.156342983 CEST	192.168.2.16	1.1.1.1	0x2d7b	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Aug 28, 2024 11:43:31.156667948 CEST	192.168.2.16	1.1.1.1	0xf716	Standard query (0)	kasumbo.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:31.156794071 CEST	192.168.2.16	1.1.1.1	0x7d9	Standard query (0)	kasumbo.com	65	IN (0x0001)	false
Aug 28, 2024 11:43:31.420646906 CEST	192.168.2.16	1.1.1.1	0xa47e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:31.420798063 CEST	192.168.2.16	1.1.1.1	0x60bd	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 28, 2024 11:43:32.215981960 CEST	192.168.2.16	1.1.1.1	0x64d6	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:32.216120958 CEST	192.168.2.16	1.1.1.1	0x8aa4	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 28, 2024 11:43:29.958308935 CEST	1.1.1.1	192.168.2.16	0xd1f3	No error (0)	343618095.zenslim.ru		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:29.958308935 CEST	1.1.1.1	192.168.2.16	0xd1f3	No error (0)	343618095.zenslim.ru		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:30.140165091 CEST	1.1.1.1	192.168.2.16	0x5b72	No error (0)	_8443._https.343618095.zenslim.ru			65	IN (0x0001)	false
Aug 28, 2024 11:43:31.003320932 CEST	1.1.1.1	192.168.2.16	0x10cb	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Aug 28, 2024 11:43:31.003349066 CEST	1.1.1.1	192.168.2.16	0xdf2c	No error (0)	www.w3schools.com	cs837.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:31.003966093 CEST	1.1.1.1	192.168.2.16	0x1e46	No error (0)	www.w3schools.com	cs837.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:31.003966093 CEST	1.1.1.1	192.168.2.16	0x1e46	No error (0)	cs837.wac.edgecastcdn.net		192.229.133.221	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:31.004640102 CEST	1.1.1.1	192.168.2.16	0xfee7	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:31.004640102 CEST	1.1.1.1	192.168.2.16	0xfee7	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:31.163460016 CEST	1.1.1.1	192.168.2.16	0x2d7b	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:31.163460016 CEST	1.1.1.1	192.168.2.16	0x2d7b	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:31.163758993 CEST	1.1.1.1	192.168.2.16	0x5ff5	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:31.163758993 CEST	1.1.1.1	192.168.2.16	0x5ff5	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:31.163758993 CEST	1.1.1.1	192.168.2.16	0x5ff5	No error (0)	sni1gl.wpc.omegacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:31.238745928 CEST	1.1.1.1	192.168.2.16	0xf716	No error (0)	kasumbo.com		108.178.43.142	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:31.594897032 CEST	1.1.1.1	192.168.2.16	0x60bd	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 28, 2024 11:43:31.595247030 CEST	1.1.1.1	192.168.2.16	0xa47e	No error (0)	www.google.com		216.58.212.164	A (IP address)	IN (0x0001)	false
Aug 28, 2024 11:43:32.226473093 CEST	1.1.1.1	192.168.2.16	0x8aa4	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:32.226473093 CEST	1.1.1.1	192.168.2.16	0x8aa4	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:32.227210999 CEST	1.1.1.1	192.168.2.16	0x64d6	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:32.227210999 CEST	1.1.1.1	192.168.2.16	0x64d6	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 11:43:32.227210999 CEST	1.1.1.1	192.168.2.16	0x64d6	No error (0)	sni1gl.wpc.omegacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

cdnjs.cloudflare.com

kasumbo.com

www.w3schools.com

aadcdn.msftauth.net

fp.msedge.net

www.bing.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49713	104.17.24.14	443	6876	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:31 UTC	596	OUT	GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://343618095.zenslim.ru:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 09:43:31 UTC	949	IN	HTTP/1.1 200 OK Date: Wed, 28 Aug 2024 09:43:31 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e5f-7918" Last-Modified: Mon, 04 May 2020 16:10:07 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 1281342 Expires: Mon, 18 Aug 2025 09:43:31 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GpodU3Vqs5PbVSth%2F36z950zPbECmWrfe8n2GaoQiEOVrJ%2Baf3gSe3FnAneOJTzAQMmyEwn7Q4WRdiNHHe0%2Bgb6%2FaKCnk1oaOBRhSKAD5QTsN07yK2m%2BfWTET8tc6qMegGidozl9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8ba35b86fed28cee-EWR alt-svc: h3=":443"; ma=86400
2024-08-28 09:43:31 UTC	420	IN	Data Raw: 37 39 31 38 0d 0a 2f 2a 21 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 37 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 46 6f 6e 74 41 77 65 73 6f 6d 65 27 3b 73 72 63 3a 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 65 6f 74 3f 76 3d 34 2e 37 Data Ascii: 7918/! Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 27 29 2c 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 74 74 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 74 72 75 65 74 79 70 65 27 29 2c 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 73 76 67 3f 76 3d 34 2e 37 2e 30 23 66 6f 6e 74 61 77 65 73 6f 6d 65 72 65 67 75 6c 61 72 27 29 20 66 6f 72 6d 61 74 28 27 73 76 67 27 29 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 7d 2e 66 61 7b 64 69 73 70 6c 61 79 3a 69 Data Ascii: /fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:i
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 2d 73 70 69 6e 7b 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 Data Ascii: webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 6b 2d 31 78 2c 2e 66 61 2d 73 74 61 63 6b 2d 32 78 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 61 2d 73 74 61 63 6b 2d 31 78 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 2e 66 61 2d 73 74 61 63 6b 2d 32 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 65 6d 7d 2e 66 61 2d 69 6e 76 65 72 73 65 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 66 61 2d 67 6c 61 73 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 30 30 22 7d 2e 66 61 2d 6d 75 73 69 63 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 30 31 22 7d 2e 66 61 2d 73 65 61 72 63 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 30 32 22 7d Data Ascii: k-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:"\f000"}.fa-music:before{content:"\f001"}.fa-search:before{content:"\f002"}
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 33 22 7d 2e 66 61 2d 66 6c 61 67 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 34 22 7d 2e 66 61 2d 68 65 61 64 70 68 6f 6e 65 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 35 22 7d 2e 66 61 2d 76 6f 6c 75 6d 65 2d 6f 66 66 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 36 22 7d 2e 66 61 2d 76 6f 6c 75 6d 65 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 37 22 7d 2e 66 61 2d 76 6f 6c 75 6d 65 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 38 22 7d 2e 66 61 2d 71 72 63 6f 64 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 39 22 7d 2e 66 61 2d 62 61 72 63 6f 64 65 3a 62 65 66 6f 72 65 7b 63 Data Ascii: {content:"\f023"}.fa-flag:before{content:"\f024"}.fa-headphones:before{content:"\f025"}.fa-volume-off:before{content:"\f026"}.fa-volume-down:before{content:"\f027"}.fa-volume-up:before{content:"\f028"}.fa-qrcode:before{content:"\f029"}.fa-barcode:before{c
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 38 22 7d 2e 66 61 2d 66 61 73 74 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 39 22 7d 2e 66 61 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 61 22 7d 2e 66 61 2d 70 6c 61 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 62 22 7d 2e 66 61 2d 70 61 75 73 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 63 22 7d 2e 66 61 2d 73 74 6f 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 64 22 7d 2e 66 61 2d 66 6f 72 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 65 22 7d 2e 66 61 2d 66 61 73 74 2d 66 6f 72 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 Data Ascii: e{content:"\f048"}.fa-fast-backward:before{content:"\f049"}.fa-backward:before{content:"\f04a"}.fa-play:before{content:"\f04b"}.fa-pause:before{content:"\f04c"}.fa-stop:before{content:"\f04d"}.fa-forward:before{content:"\f04e"}.fa-fast-forward:before{cont
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 61 2d 65 79 65 2d 73 6c 61 73 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 30 22 7d 2e 66 61 2d 77 61 72 6e 69 6e 67 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 65 78 63 6c 61 6d 61 74 69 6f 6e 2d 74 72 69 61 6e 67 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 31 22 7d 2e 66 61 2d 70 6c 61 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 32 22 7d 2e 66 61 2d 63 61 6c 65 6e 64 61 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 33 22 7d 2e 66 61 2d 72 61 6e 64 6f 6d 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 34 22 7d 2e 66 61 2d 63 6f 6d 6d 65 6e 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 35 22 7d 2e 66 61 2d 6d 61 67 6e 65 74 3a 62 65 66 6f Data Ascii: a-eye-slash:before{content:"\f070"}.fa-warning:before,.fa-exclamation-triangle:before{content:"\f071"}.fa-plane:before{content:"\f072"}.fa-calendar:before{content:"\f073"}.fa-random:before{content:"\f074"}.fa-comment:before{content:"\f075"}.fa-magnet:befo
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 6f 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 35 22 7d 2e 66 61 2d 73 71 75 61 72 65 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 36 22 7d 2e 66 61 2d 62 6f 6f 6b 6d 61 72 6b 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 37 22 7d 2e 66 61 2d 70 68 6f 6e 65 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 38 22 7d 2e 66 61 2d 74 77 69 74 74 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 39 22 7d 2e 66 61 2d 66 61 63 65 62 6f 6f 6b 2d 66 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 66 61 63 65 62 6f 6f 6b 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 61 22 7d 2e 66 61 2d 67 69 74 68 75 62 3a 62 65 66 6f 72 65 7b 63 6f 6e Data Ascii: one:before{content:"\f095"}.fa-square-o:before{content:"\f096"}.fa-bookmark-o:before{content:"\f097"}.fa-phone-square:before{content:"\f098"}.fa-twitter:before{content:"\f099"}.fa-facebook-f:before,.fa-facebook:before{content:"\f09a"}.fa-github:before{con
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 66 30 63 36 22 7d 2e 66 61 2d 73 61 76 65 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 66 6c 6f 70 70 79 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 37 22 7d 2e 66 61 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 38 22 7d 2e 66 61 2d 6e 61 76 69 63 6f 6e 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 72 65 6f 72 64 65 72 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 62 61 72 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 39 22 7d 2e 66 61 2d 6c 69 73 74 2d 75 6c 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 61 22 7d 2e 66 61 2d 6c 69 73 74 2d 6f 6c 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 62 22 7d 2e 66 61 2d 73 74 72 69 6b 65 74 68 72 6f 75 67 68 3a 62 65 66 6f 72 Data Ascii: f0c6"}.fa-save:before,.fa-floppy-o:before{content:"\f0c7"}.fa-square:before{content:"\f0c8"}.fa-navicon:before,.fa-reorder:before,.fa-bars:before{content:"\f0c9"}.fa-list-ul:before{content:"\f0ca"}.fa-list-ol:before{content:"\f0cb"}.fa-strikethrough:befor
2024-08-28 09:43:31 UTC	1369	IN	Data Raw: 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 39 22 7d 2e 66 61 2d 70 61 73 74 65 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 63 6c 69 70 62 6f 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 61 22 7d 2e 66 61 2d 6c 69 67 68 74 62 75 6c 62 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 62 22 7d 2e 66 61 2d 65 78 63 68 61 6e 67 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 63 22 7d 2e 66 61 2d 63 6c 6f 75 64 2d 64 6f 77 6e 6c 6f 61 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 64 22 7d 2e 66 61 2d 63 6c 6f 75 64 2d 75 70 6c 6f 61 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 65 22 7d 2e 66 61 2d 75 73 65 72 2d 6d 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 Data Ascii: fore{content:"\f0e9"}.fa-paste:before,.fa-clipboard:before{content:"\f0ea"}.fa-lightbulb-o:before{content:"\f0eb"}.fa-exchange:before{content:"\f0ec"}.fa-cloud-download:before{content:"\f0ed"}.fa-cloud-upload:before{content:"\f0ee"}.fa-user-md:before{cont

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49716	108.178.43.142	443	6876	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:31 UTC	609	OUT	GET /smarty/xls_v1.6/tail-spin.svg HTTP/1.1 Host: kasumbo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://343618095.zenslim.ru:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 09:43:31 UTC	475	IN	HTTP/1.1 403 Forbidden Connection: close content-type: text/html content-length: 146 date: Wed, 28 Aug 2024 09:43:31 GMT strict-transport-security: max-age=31536000; includeSubDomains; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff vary: User-Agent,Accept-Encoding alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-08-28 09:43:31 UTC	146	IN	Data Raw: 3c 70 3e 54 68 69 73 20 77 65 62 73 69 74 65 20 68 61 73 20 62 65 65 6e 20 64 69 73 61 62 6c 65 64 2e 20 3c 2f 70 3e 3c 70 3e 20 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 73 69 74 65 2d 6f 77 6e 65 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 54 65 63 68 6e 69 63 61 6c 20 53 75 70 70 6f 72 74 20 66 6f 72 20 66 75 72 74 68 65 72 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 6e 64 20 61 73 73 69 73 74 61 6e 63 65 2e 3c 2f 70 3e Data Ascii: <p>This website has been disabled. </p><p> If you are the site-owner, please contact Technical Support for further information and assistance.</p>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49712	192.229.133.221	443	6876	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:31 UTC	554	OUT	GET /w3css/4/w3.css HTTP/1.1 Host: www.w3schools.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://343618095.zenslim.ru:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 09:43:32 UTC	575	IN	HTTP/1.1 200 OK Age: 77400 Cache-Control: public,max-age=31536000,public Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; Content-Type: text/css Date: Wed, 28 Aug 2024 09:43:31 GMT Etag: "0f2b3f976f8da1:0+ident" Last-Modified: Tue, 27 Aug 2024 11:48:04 GMT Server: ECS (lhd/35B3) Vary: Accept-Encoding X-Cache: HIT X-Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; X-Powered-By: ASP.NET Content-Length: 23427 Connection: close
2024-08-28 09:43:32 UTC	16383	IN	Data Raw: ef bb bf 2f 2a 20 57 33 2e 43 53 53 20 34 2e 31 35 20 44 65 63 65 6d 62 65 72 20 32 30 32 30 20 62 79 20 4a 61 6e 20 45 67 69 6c 20 61 6e 64 20 42 6f 72 67 65 20 52 65 66 73 6e 65 73 20 2a 2f 0a 68 74 6d 6c 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2a 2c 2a 3a 62 65 66 6f 72 65 2c 2a 3a 61 66 74 65 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 7d 0a 2f 2a 20 45 78 74 72 61 63 74 20 66 72 6f 6d 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 62 79 20 4e 69 63 6f 6c 61 73 20 47 61 6c 6c 61 67 68 65 72 20 61 6e 64 20 4a 6f 6e 61 74 68 61 6e 20 4e 65 61 6c 20 67 69 74 2e 69 6f 2f 6e 6f 72 6d 61 6c 69 7a 65 20 2a 2f 0a 68 74 6d 6c 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 Data Ascii: /* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /html{box-sizing:border-box},:before,:after{box-sizing:inherit}/* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */html{-ms-text-size-adjust:100%;-web
2024-08-28 09:43:32 UTC	7044	IN	Data Raw: 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 62 63 64 34 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 62 6c 75 65 2d 67 72 65 79 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 2d 67 72 65 79 3a 68 6f 76 65 72 2c 2e 77 33 2d 62 6c 75 65 2d 67 72 61 79 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 2d 67 72 61 79 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 36 30 37 64 38 62 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 67 72 65 65 6e 2c 2e 77 33 2d 68 6f 76 65 72 2d 67 72 65 65 6e 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 Data Ascii: !important;background-color:#00bcd4!important}.w3-blue-grey,.w3-hover-blue-grey:hover,.w3-blue-gray,.w3-hover-blue-gray:hover{color:#fff!important;background-color:#607d8b!important}.w3-green,.w3-hover-green:hover{color:#fff!important;background-color:#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49715	152.199.21.175	443	6876	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:31 UTC	665	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://343618095.zenslim.ru:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 09:43:32 UTC	738	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 13579335 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Wed, 28 Aug 2024 09:43:32 GMT Etag: 0x8DB5C3F495F4B8C Last-Modified: Wed, 24 May 2023 10:11:48 GMT Server: ECAcc (lhc/7892) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 002cd9d5-201e-00e1-69ad-7d6453000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-08-28 09:43:32 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49718	152.199.21.175	443	6876	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:33 UTC	420	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 09:43:33 UTC	738	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 13579336 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Wed, 28 Aug 2024 09:43:33 GMT Etag: 0x8DB5C3F495F4B8C Last-Modified: Wed, 24 May 2023 10:11:48 GMT Server: ECAcc (lhc/7892) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 002cd9d5-201e-00e1-69ad-7d6453000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-08-28 09:43:33 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49720	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:33 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 09:43:34 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=258799 Date: Wed, 28 Aug 2024 09:43:34 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49721	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:34 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 09:43:35 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=258752 Date: Wed, 28 Aug 2024 09:43:34 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-28 09:43:35 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49722	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:36 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vA9ToKabN4xVgsx&MD=wHez7n3V HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-28 09:43:36 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0d723748-6128-4052-b0df-26efe608ada1 MS-RequestId: c23c3bce-313d-4670-84e5-d9cb757b9821 MS-CV: YZ02zmIW60uTwsYq.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 09:43:35 GMT Connection: close Content-Length: 24490
2024-08-28 09:43:36 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-08-28 09:43:36 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.16	49724	40.126.32.68	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:37 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-08-28 09:43:37 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 09:43:38 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 09:42:38 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BAY x-ms-request-id: 29bdef18-705d-4ffd-852c-f6e227e6d8b9 PPServer: PPV: 30 H: PH1PEPF00018BC8 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 09:43:37 GMT Connection: close Content-Length: 10173
2024-08-28 09:43:38 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.16	49726	40.126.32.68	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:39 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-08-28 09:43:39 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 09:43:40 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 09:42:40 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_SN1 x-ms-request-id: dd1df279-195c-41bb-ae0d-db2ad65b0276 PPServer: PPV: 30 H: SN1PEPF0004014D V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 09:43:39 GMT Connection: close Content-Length: 10173
2024-08-28 09:43:40 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.16	49728	40.126.32.68	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:42 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-08-28 09:43:42 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 09:43:42 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 09:42:42 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BAY x-ms-request-id: 6adeb77b-6371-4651-acd3-b4c65e46c669 PPServer: PPV: 30 H: PH1PEPF00018BC9 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 09:43:41 GMT Connection: close Content-Length: 10173
2024-08-28 09:43:42 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.16	49730	40.126.32.68	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:43:44 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-08-28 09:43:44 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 09:43:44 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 09:42:44 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BAY x-ms-request-id: d3692415-f957-4f7f-996b-2679391ac338 PPServer: PPV: 30 H: PH1PEPF00011EE0 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 09:43:43 GMT Connection: close Content-Length: 10173
2024-08-28 09:43:44 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49733	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:44:13 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vA9ToKabN4xVgsx&MD=wHez7n3V HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-28 09:44:13 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 3a87b6c7-e21b-4ecb-8cce-044164062240 MS-RequestId: 02d7f115-6d69-4717-9450-fa543785ce78 MS-CV: CnBAhR75L02vLrlZ.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 09:44:13 GMT Connection: close Content-Length: 30005
2024-08-28 09:44:13 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-08-28 09:44:13 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.16	49736	204.79.197.222	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:44:53 UTC	462	OUT	GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: fp.msedge.net Connection: Keep-Alive
2024-08-28 09:44:54 UTC	429	IN	HTTP/1.1 200 OK Cache-Control: public,max-age=900 Content-Length: 19801 Content-Type: application/json; charset=utf-8 ETag: "1795667617" Access-Control-Allow-Origin: * Request-Context: appId=cid-v1:b183296d-485b-49fc-81c7-a511e61d1309 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: DE1314D2B4F44B98A9AA472400151D38 Ref B: EWR30EDGE0714 Ref C: 2024-08-28T09:44:53Z Date: Wed, 28 Aug 2024 09:44:53 GMT Connection: close
2024-08-28 09:44:54 UTC	3750	IN	Data Raw: 7b 22 73 22 3a 35 30 30 30 2c 22 6e 22 3a 33 2c 22 65 22 3a 5b 7b 22 65 22 3a 22 2a 2e 61 7a 72 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 35 30 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 6e 72 62 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 34 32 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 61 66 64 78 74 65 73 74 2e 7a 30 31 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 35 30 30 2c 22 6d 22 3a 31 7d 2c 7b Data Ascii: {"s":5000,"n":3,"e":[{"e":".azr.footprintdns.com","w":5000,"m":128},{"e":".clo.footprintdns.com","w":2000,"m":1},{"e":".clo.footprintdns.com","w":100,"m":128},{"e":".nrb.footprintdns.com","w":420,"m":3},{"e":"afdxtest.z01.azurefd.net","w":500,"m":1},{
2024-08-28 09:44:54 UTC	48	IN	Data Raw: 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 70 71 32 35 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 Data Ascii: re.com","w":3,"m":128},{"e":"cpq25prdapp02-canar
2024-08-28 09:44:54 UTC	4096	IN	Data Raw: 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 71 31 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 63 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 63 76 6c 30 32 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 7d 2c 7b 22 65 Data Ascii: y-opaph.netmon.azure.com","w":3,"m":128},{"e":"cq1prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"c-ring.msedge.net","w":2000,"m":3},{"e":"c-ring-fallback.msedge.net","w":50,"m":3},{"e":"cvl02prdapp01-canary-opaph.netmon.azure.com","w":3,"m":1},{"e
2024-08-28 09:44:54 UTC	4096	IN	Data Raw: 3a 22 66 72 61 32 33 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 38 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 38 7d 2c 7b 22 65 22 3a 22 67 76 78 30 31 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d Data Ascii: :"fra23prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"graph.azurefd.net","w":1,"m":1},{"e":"graph.azurefd.net","w":1,"m":8},{"e":"graph.microsoft.com","w":1,"m":1},{"e":"graph.microsoft.com","w":1,"m":8},{"e":"gvx01prdapp01-canary-opaph.netm
2024-08-28 09:44:54 UTC	4096	IN	Data Raw: 7b 22 65 22 3a 22 6e 61 67 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6f 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6f 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6f 73 61 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6f 73 61 32 32 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 Data Ascii: {"e":"nag20prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"o-ring.msedge.net","w":100,"m":3},{"e":"o-ring-fallback.msedge.net","w":50,"m":3},{"e":"osa20prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"osa22prdapp02-canary-opaph.netmon.a
2024-08-28 09:44:54 UTC	3715	IN	Data Raw: 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 37 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 70 6f 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 73 70 6f 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 73 70 6f 76 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 Data Ascii: prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"sn7prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"spo-ring.msedge.net","w":2000,"m":3},{"e":"spo-ring-fallback.msedge.net","w":50,"m":3},{"e":"spov-ring-fallback.msedge.net","w":50

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.16	49737	204.79.197.200	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 09:44:54 UTC	2230	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1707317755 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 60 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75 X-Device-ClientSession: B2DC660161784379B3117A8C8CEC12A1 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2 X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 1256 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-08-28 09:44:54 UTC	1256	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 35 30 34 37 45 35 39 34 32 42 42 32 34 36 30 45 41 33 35 42 35 33 43 43 46 37 38 44 44 42 33 44 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 35 35 66 30 38 33 62 65 65 36 39 65 34 31 39 39 38 34 37 66 33 34 64 30 37 38 38 35 62 32 61 39 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 74 6f 74 61 6c 6e 75 6d 62 65 72 4f 66 45 6e 74 72 69 65 73 22 3a 22 30 22 Data Ascii: <ClientInstRequest><CID>5047E5942BB2460EA35B53CCF78DDB3D</CID><Events><E><T>Event.ClientInst</T><IG>55f083bee69e4199847f34d07885b2a9</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","totalnumberOfEntries":"0"
2024-08-28 09:44:54 UTC	426	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: CC46ABD7E97C42CEA9ECA1DE74157249 Ref B: EWR30EDGE0420 Ref C: 2024-08-28T09:44:54Z Date: Wed, 28 Aug 2024 09:44:53 GMT Connection: close

Target ID:	0
Start time:	05:43:24
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Remittance_Details_#20O8N7B.html
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	05:43:25
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1700,i,8673559452662307826,16057132183390467282,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 192.229.133.221 192.229.133.221
Source: Joe Sandbox View	IP Address: 108.178.43.142 108.178.43.142
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: file:///C:/Users/user/Desktop/Remittance_Details_%2320O8N7B.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Remittance_Details_%2320O8N7B.html	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown	TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown	TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown	TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown	TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown	TCP traffic detected without corresponding DNS query: 51.124.78.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68

Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://343618095.zenslim.ru:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /smarty/xls_v1.6/tail-spin.svg HTTP/1.1Host: kasumbo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://343618095.zenslim.ru:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://343618095.zenslim.ru:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://343618095.zenslim.ru:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vA9ToKabN4xVgsx&MD=wHez7n3V HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vA9ToKabN4xVgsx&MD=wHez7n3V HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: 343618095.zenslim.ru
Source: global traffic	DNS traffic detected: DNS query: _8443._https.343618095.zenslim.ru
Source: global traffic	DNS traffic detected: DNS query: www.w3schools.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: kasumbo.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Remittance_Details_#20O8N7B.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Windows Analysis Report
Remittance_Details_#20O8N7B.html