Edit tour

Windows Analysis Report
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fa

Overview

General Information

Sample URL:	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail
Analysis ID:	1431959
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

HTML page contains hidden URLs or javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,4637780983047938641,9151698695631538514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on favicon image match)

Source: https://mcas.ms	Matcher: Template: microsoft matched with high similarity
Source: https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Matcher: Template: microsoft matched with high similarity

Source: https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085

HTTP Parser: Base64 decoded: ks"> <a target="_blank" href="http://go.microsoft.com/fwlink/?LinkID=733268">{{ formatMessage (intlGet "translations.PROXYWEB_MONITORED_ACCESS_TERMS")}}</a> | <a target="_blank" href="http://go.microsoft.com...

Source: unknown	HTTPS traffic detected: 104.91.61.188:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.91.61.188:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	TCP traffic detected without corresponding DNS query: 104.91.61.188
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6 HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/js/handlebars.min.js HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/js/lodash-core.min.js HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/js/translate.js HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/js/Handlebars/handlebars-intl.min.js HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6 HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i18n/0.274.5/proxyweb/en_us.json HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://mcas-proxyweb.mcas.msSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/js/Handlebars/locale-data/en.js HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i18n/0.274.5/proxyweb/en_us.json HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6 HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/images/warning.png HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mcas-proxyweb.mcas.ms/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/images/continue.png HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/images/continue.png HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /proxyweb/1.54.36-1-hf/images/warning.png HTTP/1.1Host: mcasproxy.cdn.mcas.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?url=https%3A%2F%2Fwittywebevents.wipro.com%2Femail-analytics%2Fapi%2Ft%2Fl%3FobjId%3D637c92a3e4b00b92caee94cc&data=05%7C02%7Cgary.fabrizio1%40wipro.com%7Cb8fe953db5914d2bac8108dc65645f6b%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C638496729264132835%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=X8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%3D&reserved=0 HTTP/1.1Host: apc01.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1Host: wittywebevents.wipro.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1Host: wittywebevents.wipro.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1Host: wittywebevents.wipro.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1Host: wittywebevents.wipro.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1Host: wittywebevents.wipro.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: mcas-proxyweb.mcas.ms
Source: global traffic	DNS traffic detected: DNS query: mcasproxy.cdn.mcas.ms
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: apc01.safelinks.protection.outlook.com
Source: global traffic	DNS traffic detected: DNS query: wittywebevents.wipro.com

Source: chromecache_60.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy
Source: chromecache_60.2.dr	String found in binary or memory: https://formatjs.io/handlebars/
Source: chromecache_60.2.dr	String found in binary or memory: https://github.com/angular-translate/angular-translate/blob/master/src/service/translate.js
Source: chromecache_60.2.dr	String found in binary or memory: https://github.com/handlebars-lang/allow-prototype-access

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 104.91.61.188:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.91.61.188:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@21/26@14/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,4637780983047938641,9151698695631538514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,4637780983047938641,9151698695631538514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	0%	Avira URL Cloud	safe
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/translate.js	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/lodash-core.min.js	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/warning.png	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/i18n/0.274.5/proxyweb/en_us.json	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/handlebars.min.js	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/locale-data/en.js	0%	Avira URL Cloud	safe
https://formatjs.io/handlebars/	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/handlebars-intl.min.js	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/continue.png	0%	Avira URL Cloud	safe
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6	0%	Avira URL Cloud	safe
https://formatjs.io/handlebars/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
part-0013.t-0009.t-msedge.net	13.107.246.41	true	false	unknown
apc01.safelinks.protection.outlook.com	104.47.110.28	true	false	high
www.google.com	172.217.15.196	true	false	high
wittywebevents.wipro.com	52.230.18.38	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
c.s-microsoft.com	unknown	unknown	false	high
mcas-proxyweb.mcas.ms	unknown	unknown	false	unknown
mcasproxy.cdn.mcas.ms	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/warning.png	false	Avira URL Cloud: safe	unknown
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6	false	Avira URL Cloud: safe	unknown
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/lodash-core.min.js	false	Avira URL Cloud: safe	unknown
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/translate.js	false	Avira URL Cloud: safe	unknown
https://mcasproxy.cdn.mcas.ms/i18n/0.274.5/proxyweb/en_us.json	false	Avira URL Cloud: safe	unknown
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/handlebars.min.js	false	Avira URL Cloud: safe	unknown
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/locale-data/en.js	false	Avira URL Cloud: safe	unknown
https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	true		unknown
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/handlebars-intl.min.js	false	Avira URL Cloud: safe	unknown
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/continue.png	false	Avira URL Cloud: safe	unknown
https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6	false	Avira URL Cloud: safe	unknown
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwittywebevents.wipro.com%2Femail-analytics%2Fapi%2Ft%2Fl%3FobjId%3D637c92a3e4b00b92caee94cc&data=05%7C02%7Cgary.fabrizio1%40wipro.com%7Cb8fe953db5914d2bac8108dc65645f6b%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C638496729264132835%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=X8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%3D&reserved=0	false		high
https://wittywebevents.wipro.com/email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/handlebars-lang/allow-prototype-access	chromecache_60.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy	chromecache_60.2.dr	false		high
https://formatjs.io/handlebars/	chromecache_60.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/angular-translate/angular-translate/blob/master/src/service/translate.js	chromecache_60.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.47.110.28	apc01.safelinks.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.230.18.38	wittywebevents.wipro.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.15.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431959
Start date and time:	2024-04-26 04:36:49 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@21/26@14/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwittywebevents.wipro.com%2Femail-analytics%2Fapi%2Ft%2Fl%3FobjId%3D637c92a3e4b00b92caee94cc&data=05%7C02%7Cgary.fabrizio1%40wipro.com%7Cb8fe953db5914d2bac8108dc65645f6b%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C638496729264132835%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=X8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%3D&reserved=0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.139.84, 192.178.50.78, 192.178.50.67, 34.104.35.123, 20.168.249.164, 104.91.61.160, 20.114.59.183, 72.21.81.240, 192.229.211.108, 20.166.126.56, 52.165.164.15, 52.165.165.26, 142.250.189.131, 20.12.23.50
Excluded domains from analysis (whitelisted): mps-mda-ic-mcasproxy-prd-weu.afd.azureedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, mps-mda-ic-mcasproxy-prd-weu.azureedge.net, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, mps-mda-ic-openresty-prd-weu.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, c-s.cms.ms.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, c.s-microsoft.com-c.edgekey.net, e13678.dscg.akamaiedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (649)
Category:	downloaded
Size (bytes):	12684
Entropy (8bit):	5.160531580954149
Encrypted:	false
SSDEEP:	192:AS20fqKbwdY08O0lNUpYsYprxYLsu+yHyYEFgY:D20fqKYkNUpD09EsuNHNXY
MD5:	305753FF93FBC439257153952C2CD20F
SHA1:	486BC31AAE005F9EFC69C701F407734FCBABD3A6
SHA-256:	DE1FAC0AD3A03174F4E49969F48D2E499D19AFCD076DB19431D7B1CD707832FA
SHA-512:	0A167997CF35348071F6CC5D0F2E601329EEA7A6C2E3E13C18F581CA5932458C302B57C702519AEFE0FD9B5A383848EA600FA7CA0C8C478F2F361E6499958F2E
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/lodash-core.min.js
Preview:	/*. @license. * Lodash (Custom Build) lodash.com/license \| Underscore.js 1.8.3 underscorejs.org/LICENSE. * Build: `lodash core -o ./dist/lodash.core.js`. */.;(function(){function n(n){return H(n)&&pn.call(n,"callee")&&!yn.call(n,"callee")}function t(n,t){return n.push.apply(n,t),n}function r(n){return function(t){return null==t?Z:t[n]}}function e(n,t,r,e,u){return u(n,function(n,u,o){r=e?(e=false,n):t(r,n,u,o)}),r}function u(n,t){return j(t,function(t){return n[t]})}function o(n){return n instanceof i?n:new i(n)}function i(n,t){this.__wrapped__=n,this.__actions__=[],this.__chain__=!!t}function c(n,t,r){if(typeof n!="function")throw new TypeError("Expected a function");.return setTimeout(function(){n.apply(Z,r)},t)}function f(n,t){var r=true;return mn(n,function(n,e,u){return r=!!t(n,e,u)}),r}function a(n,t,r){for(var e=-1,u=n.length;++e<u;){var o=n[e],i=t(o);if(null!=i&&(c===Z?i===i:r(i,c)))var c=i,f=o}return f}function l(n,t){var r=[];return mn(n,function(n,e,u){t(n,e,u)&&r.push(n)

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27214), with no line terminators
Category:	downloaded
Size (bytes):	27214
Entropy (8bit):	5.013337001667674
Encrypted:	false
SSDEEP:	192:yaRL7VbgFUx+xIhEJ9HTB1GS+DLrkBUSHG0M9Bufgew2Iv33EcTSfSGs0HZgqAmc:yaV7dXA9VsX6VK3GFtDwakIw
MD5:	205853C337B996A55947F9FA3110D048
SHA1:	B5363DF7613D8016033F6EEBCB33C98F2CB03598
SHA-256:	822015D800FF9A8EB76E60087907344761C19298F1CDFA5AF03A547F7C42B7EE
SHA-512:	A732A8C2388DB3505931E9D91995517FB4962A4A8526314A6419F19B5DBC3132D4AC10DA1AAA83C8A22BF1CCBECA3BE28E915303D59000A3E82C546A4510082D
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6
Preview:	@font-face{font-family:Segoe UI;src:url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.eot);src:url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.eot?#iefix) format('embedded-opentype'),url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2) format('woff2'),url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.ttf) format('truetype'),url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.svg#web) format('svg');font-weight:400;font-style:normal}@font-face{font-family:Segoe UI;src:url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/bold/latest.eot);src:url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/bold/latest.eot?#iefix) format('embedded-opentype'),url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/bold/latest.woff2) format('woff2'),url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/bol

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2399
Entropy (8bit):	7.582093843474393
Encrypted:	false
SSDEEP:	48:o6vn3sQmLJ3Mhahuxc9IsP0QDoftFv6FlmgSv4VpGmHCGD+K6Fe:h3tm3h9IsZo1FAUvQABo
MD5:	8EB07BD506AF4569CB2BD79DBB7BCCEE
SHA1:	A49244132828DAC2293D618F74BE5BC5598B6627
SHA-256:	590AEBABF7ADDB892DE99B9928F2F040AEFDB283C3371DA563411D4EA3AB119A
SHA-512:	9E391CA07F788EBB39C3DB5B93B9F713E7F3F155FB5C79D82997428C44DE8D74FC7D954D8EB67469B0F309D4AEDE79A68230DB5FBDC3D8E8D5FBB45924888E5B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:7C588D13FF6811E78F2784A059709C7F" xmpMM:InstanceID="xmp.iid:7C588D12FF6811E78F2784A059709C7F" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7562995BC2FD11E7A68EBFDE393B0FE9" stRef:documentID="xmp.did:7562995CC2FD11E7A68EBFDE393B0FE9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..~.....IDATx..ZklTU...w..K[ZJ............W..hT....&.F...R...........~..!...h0..........A..R...9...R.iK.>h.....7.sg.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2399
Entropy (8bit):	7.582093843474393
Encrypted:	false
SSDEEP:	48:o6vn3sQmLJ3Mhahuxc9IsP0QDoftFv6FlmgSv4VpGmHCGD+K6Fe:h3tm3h9IsZo1FAUvQABo
MD5:	8EB07BD506AF4569CB2BD79DBB7BCCEE
SHA1:	A49244132828DAC2293D618F74BE5BC5598B6627
SHA-256:	590AEBABF7ADDB892DE99B9928F2F040AEFDB283C3371DA563411D4EA3AB119A
SHA-512:	9E391CA07F788EBB39C3DB5B93B9F713E7F3F155FB5C79D82997428C44DE8D74FC7D954D8EB67469B0F309D4AEDE79A68230DB5FBDC3D8E8D5FBB45924888E5B
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/warning.png
Preview:	.PNG........IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:7C588D13FF6811E78F2784A059709C7F" xmpMM:InstanceID="xmp.iid:7C588D12FF6811E78F2784A059709C7F" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7562995BC2FD11E7A68EBFDE393B0FE9" stRef:documentID="xmp.did:7562995CC2FD11E7A68EBFDE393B0FE9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..~.....IDATx..ZklTU...w..K[ZJ............W..hT....&.F...R...........~..!...h0..........A..R...9...R.iK.>h.....7.sg.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	7673
Entropy (8bit):	4.5740201842215935
Encrypted:	false
SSDEEP:	192:FhNDLqYgKCKWQtKjXcF7aO7cgulLfvPIfAKayL2W1javtQDjy:rNDL+k8LHYAK5u
MD5:	E79D3B42FC5C5682F3B763982C8DAB68
SHA1:	C8846AF83D6CE75BE41B41C7D701AF2BF59C586F
SHA-256:	EFBD4ECC6D62A8807DB41A859C613B402C7F1092ADA7B5B75D5A795B71CADFB2
SHA-512:	FCE550B1800BEF83F2A0C335A027A6E78139DF81E4D7C86FD310A8D927559649483057BFF38D10CE9EC34748112B98EF7A0272E6C9A2A4E2F5D9739EA6620122
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/translate.js
Preview:	((root, factory) => {. 'use strict';. //If translate is loaded inside an amd environment it will define a module. Otherwise it will create the module from vanilla javascript (exposing to window).. if (typeof define === 'function' && define.amd) {. define(['./proxy-presence/node_modules/handlebars/dist/handlebars.min', './proxy-presence/node_modules/lodash/core.min'], factory);. } else {. root.Translate = factory(root.Handlebars, root._);. }.})(this, (Handlebars, _) => {. 'use strict';. let DEFAULT_LOCALE = 'en-US';. let casActiveLocale = null;. let casTranslations = null;.. let SUPPORTED_LOCALES = [. 'bg-bg',. 'ca-es',. 'cs-CZ',. 'da-dk',. 'de-DE',. 'el-gr',. 'en-US',. 'es-ES',. 'et-ee',. 'eu-es',. 'fi-fi',. 'fr-FR',. 'gl-es',. 'hi-in',. 'hr-hr',. 'hu-HU',. 'id-id',. 'it-IT',. 'ja-jp',. 'kk-kz',. '

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20577
Entropy (8bit):	5.379538595032803
Encrypted:	false
SSDEEP:	384:W2tleEgHiS7wZpri6g56rVnoHqHN4gWSyuhuWa9qd2zaK9Wbsd:W9rzr6rdomCkyuhja9qd2zaK9Wbsd
MD5:	1B38CA46B5416C0AE3DE8BD225AC5772
SHA1:	7DADBDE6289231BD492B47D3E97055D6BF1D7341
SHA-256:	4C6DC5401FE6C5E2C64F0E7D60045EC97D287AABD47C7FD9E6A86E2DC4C4A040
SHA-512:	DE1E9644001A653495E28F8131048AAF8F385079E41DC02CB49302C379FFEB6D82224717A7AE9E2EF7A0DC626C887E12739D5C3646EEFF7F2D33B1FD86B27026
Malicious:	false
Reputation:	low
Preview:	{. "PROXYWEB_ACTION_BLOCKED_DESCRIPTION": "This action is blocked by your organization's security policy.",. "PROXYWEB_ACTION_BLOCKED_PAGETITLE": "Action blocked",. "PROXYWEB_ACTION_BLOCKED_RETURN_TO_SESSION": "Go back",. "PROXYWEB_ADMIN_VIEW_BYPASS_EXPERIENCE": "Bypass experience",. "PROXYWEB_ADMIN_VIEW_BYPASS_PROXY": "Bypass",. "PROXYWEB_ADMIN_VIEW_DISMISS_CANCEL": "Cancel",. "PROXYWEB_ADMIN_VIEW_DISMISS_DESCRIPTION": "You will not be able to provide feedback for the remainder of this session.",. "PROXYWEB_ADMIN_VIEW_DISMISS_REMOVE": "Disable",. "PROXYWEB_ADMIN_VIEW_DISMISS_TITLE": "Temporarily disable feedback view?",. "PROXYWEB_ADMIN_VIEW_DOMAINS_MANAGEMENT": "Discovered domains",. "PROXYWEB_ADMIN_VIEW_END_FEATURES_PREVIEW": "End Test Mode",. "PROXYWEB_ADMIN_VIEW_END_PREVIEW": "End Preview",. "PROXYWEB_ADMIN_VIEW_FEATURES_PREVIEW": "Test Mode",. "PROXYWEB_ADMIN_VIEW_PREVIEW": "Preview",. "PROXYWEB_ADMIN_VIEW_PRIVACY_STATEMENT": "Privacy statement",. "PROXYWEB_ADMIN_

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32031)
Category:	downloaded
Size (bytes):	88426
Entropy (8bit):	5.555956698485644
Encrypted:	false
SSDEEP:	768:Y816Ge+J4C9z9FiMwvqO4iqWog2dvOBoiWV/xo6hSrdv4UZ3I0mN5ptoCRMeEiAW:Yu6ot9h1WojaMVZSr4tvMiA+78q
MD5:	23A22FFCC70E2746BEADCC16682C2389
SHA1:	146D1FA623A731ACC8B53F07FF0A931BB4FA1213
SHA-256:	0E5416F145E7BF16C58504356C732FE7E99671F4696194C5B140A252DB02F0AF
SHA-512:	13575217183EC2C7C9E072A3BAD93F59A0B32BB4B6C2FD4F3A7D5144F1A1F192BE6A0F65DB8E15AB18E2DEBEB0833F5805FEBEBE14046096694A3A9614F83D82
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/handlebars.min.js
Preview:	/**!.. @license. handlebars v4.7.8..Copyright (C) 2011-2019 by Yehuda Katz..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARI

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 34052, version 0.0
Category:	downloaded
Size (bytes):	34052
Entropy (8bit):	7.994131533337155
Encrypted:	true
SSDEEP:	768:WHH8jjaseVFXnmQ8njOkV5c4d7DOgx1J89JzHNBbFOlsy0kQ6lhe:kH8jj3uWxKe5c4xz69hNalP0kQ6lhe
MD5:	36397A3BC139C6E9F81D383F060F080A
SHA1:	3F4F86C10920D4ED345F4858B6CDE9F93E1AEB81
SHA-256:	4F7F4AFE26E71FA9CA1DAC4A43B557A554A46F53251D849F07ED08A04829D74B
SHA-512:	7FFF4870E9142E6E1921F8DD78E3B049547EC1D540EFE573C2938F8B855DB61BA908FA9D3C8DA1BB2AAE6D95217A586D256B9EA2BD8A8F706B1DB75BC21F2CB9
Malicious:	false
Reputation:	low
URL:	https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Preview:	wOF2.............................................`....."..\.....D..D.6.$........ .. . ..@.S.5x.q..m.5.7Q..2......6..R....v.j.......".c..@.Z.B..G.Y.\S.AtT.iTJt.....l.>..=+z...1.pP..[.+.S..`...c.1.u1...)......`............9.8.......+..4...;..[W.v..p0..qg..=..+...1...\|R..qM..\|/...%..!C.....G:.;7...Z..^P...o..q.B'....a....M.l3k....=&.'.'..8.....K..k........}.?w.i[..q.,...,.0,.....?...o.y..@..U5.:T..E..B..%......YU.....Z..4T..5....m/..,.$.w..`O.s.c.{...;a;..T...9../.......,....BDf.S).ola._e../..z%.:....r..d;.t.....7....jI!-.....{..l.T..H%8.p.*=!.z8.7.k..L...WUW...0.0.....7Q.0.J..Q.\|~P..'Q... m.a..(..p..q...B.:.....e.B...g..<O(..z..o.G...U.x.Tw...^t.._.t..}....q....*K....".UP...Te...<.....f.....{.....I..V...p.+...-<..%.+..?M.A!.ob.9p...7..B. ..R....."4..%M.6..'...!.S.........?.`w.....l@..R.AJ&@..h/H{.(n..I.8..6.4 ..i{..5.I....l...rJ.....N{.^..6..^.V.&..)?Bc.&.u.......fd.H..X.5Fq(c....6...w(O..K...F.......ohh.....Gk...l.2q.t.h..........U9%.n....%...

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	20577
Entropy (8bit):	5.379538595032803
Encrypted:	false
SSDEEP:	384:W2tleEgHiS7wZpri6g56rVnoHqHN4gWSyuhuWa9qd2zaK9Wbsd:W9rzr6rdomCkyuhja9qd2zaK9Wbsd
MD5:	1B38CA46B5416C0AE3DE8BD225AC5772
SHA1:	7DADBDE6289231BD492B47D3E97055D6BF1D7341
SHA-256:	4C6DC5401FE6C5E2C64F0E7D60045EC97D287AABD47C7FD9E6A86E2DC4C4A040
SHA-512:	DE1E9644001A653495E28F8131048AAF8F385079E41DC02CB49302C379FFEB6D82224717A7AE9E2EF7A0DC626C887E12739D5C3646EEFF7F2D33B1FD86B27026
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/i18n/0.274.5/proxyweb/en_us.json
Preview:	{. "PROXYWEB_ACTION_BLOCKED_DESCRIPTION": "This action is blocked by your organization's security policy.",. "PROXYWEB_ACTION_BLOCKED_PAGETITLE": "Action blocked",. "PROXYWEB_ACTION_BLOCKED_RETURN_TO_SESSION": "Go back",. "PROXYWEB_ADMIN_VIEW_BYPASS_EXPERIENCE": "Bypass experience",. "PROXYWEB_ADMIN_VIEW_BYPASS_PROXY": "Bypass",. "PROXYWEB_ADMIN_VIEW_DISMISS_CANCEL": "Cancel",. "PROXYWEB_ADMIN_VIEW_DISMISS_DESCRIPTION": "You will not be able to provide feedback for the remainder of this session.",. "PROXYWEB_ADMIN_VIEW_DISMISS_REMOVE": "Disable",. "PROXYWEB_ADMIN_VIEW_DISMISS_TITLE": "Temporarily disable feedback view?",. "PROXYWEB_ADMIN_VIEW_DOMAINS_MANAGEMENT": "Discovered domains",. "PROXYWEB_ADMIN_VIEW_END_FEATURES_PREVIEW": "End Test Mode",. "PROXYWEB_ADMIN_VIEW_END_PREVIEW": "End Preview",. "PROXYWEB_ADMIN_VIEW_FEATURES_PREVIEW": "Test Mode",. "PROXYWEB_ADMIN_VIEW_PREVIEW": "Preview",. "PROXYWEB_ADMIN_VIEW_PRIVACY_STATEMENT": "Privacy statement",. "PROXYWEB_ADMIN_

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1482)
Category:	downloaded
Size (bytes):	10710
Entropy (8bit):	4.850433361836286
Encrypted:	false
SSDEEP:	96:fYjZYx03xCcwK13oFY2a9l4R03xCcwK1E3hDvMeRMykPLLOjYnN3mXD8fghdn+jj:YExKVlExKY8IhCj
MD5:	5C3EB2F22B0FAA0DE97830425054A081
SHA1:	8F3D0A40E1235B823171BE7EED9E1B0D4FBC56CA
SHA-256:	ABF0F186A9CCBACCF9AF905894E5A323B20B0808961403549903F637A7708686
SHA-512:	7AF310C86D5010B4BA28F7A218E44AD41E6DFE2AF6A05FE2380A6EC235279A319BAD9FD81BEBB7B8F2717BF21C48185276B0A9CE688ADD0517BDC6270EC47D47
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/locale-data/en.js
Preview:	HandlebarsIntl.__addLocaleData({"locale":"en","pluralRuleFunction":function (n,ord){var s=String(n).split("."),v0=!s[1],t0=Number(s[0])==n,n10=t0&&s[0].slice(-1),n100=t0&&s[0].slice(-2);if(ord)return n10==1&&n100!=11?"one":n10==2&&n100!=12?"two":n10==3&&n100!=13?"few":"other";return n==1&&v0?"one":"other"},"fields":{"year":{"displayName":"Year","relative":{"0":"this year","1":"next year","-1":"last year"},"relativeTime":{"future":{"one":"in {0} year","other":"in {0} years"},"past":{"one":"{0} year ago","other":"{0} years ago"}}},"month":{"displayName":"Month","relative":{"0":"this month","1":"next month","-1":"last month"},"relativeTime":{"future":{"one":"in {0} month","other":"in {0} months"},"past":{"one":"{0} month ago","other":"{0} months ago"}}},"day":{"displayName":"Day","relative":{"0":"today","1":"tomorrow","-1":"yesterday"},"relativeTime":{"future":{"one":"in {0} day","other":"in {0} days"},"past":{"one":"{0} day ago","other":"{0} days ago"}}},"hour":{"displayName":"Hour","rel

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 62 x 62, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2769
Entropy (8bit):	7.906511905665657
Encrypted:	false
SSDEEP:	48:hk8aW7YtUhLzkvHc9K3eMiyvWsP6h8AGJessDJHYwUnyCZumfng+wk:xWfreM3WsPNJesOYwfC7PRwk
MD5:	CD42E93E9D1FD611E162BA4F564C4D2D
SHA1:	8F3218E707BEE17BE7D811622ACDBC537A9BB66E
SHA-256:	8B0175905D6E243143D465E9BD664FE9C9C16BFBDC75BC7B11EE3F8CBB3ABD42
SHA-512:	1C4B11201D5B0239419A32168F271009F39E16047DB63115C65F177CE2B15F1D07388214782B0FFCF3747D06451D51E29A9F4C819D4FBED0404583E725C07F28
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/images/continue.png
Preview:	.PNG........IHDR...>...>.....s..D....sBIT....\|.d.....pHYs.........C......tEXtSoftware.www.inkscape.org..<....NIDATh..{pT...?.K^..JvC....+"....h.je.jU...c...Fi;.u:..VEAHb...A%j..v.....T... ...I.ACBr......7..nrW...{......ws~.w~g.<..q......p.Q`<P.......;A.A?..O...]..o.m.\|.&~.,ol;...U.?Q8.0C4e....?PY...}...........[......+....COS).p...xL.....T~C.+.m`#........0d....3l.....v .).zE6.boB.-A.wn;`...0.e. .N...b.}U.m.-[=..s&.y.....?...0.K.&....77_?.3.Ibj"....6.+z-..&..EE={....c.r."'..['.c?7..R..D..b.......^.....T..S[..%.fM\|\|C.G64..Nce...yKU..l......3lK.@...].\.\.z=.[Y..X..%....G{...zx.}.+'.....*.........U...6..`f.%.m.~..,..n.x;0B....M...."..`.2`..%.......?`rQ..\|Uy..i.]R....4@....`Q...S.G....6$..h\|...x..X....Z:G.!^........I....FDop.]"..\..nXZ.-k%.I..G.5._...P.hc.C....`Q..t.i.W]....V.%....\|t.?.hsU.."x..=..K7....E.3..=.......4.w:.h.%?.6x..T.x..^u7.&..C.G.....\3....u..-......#..&u.h..H[.z......w..VW....s..N....q....i.._{.\|.......A.....#.L._..`.....

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 62 x 62, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	7.906511905665657
Encrypted:	false
SSDEEP:	48:hk8aW7YtUhLzkvHc9K3eMiyvWsP6h8AGJessDJHYwUnyCZumfng+wk:xWfreM3WsPNJesOYwfC7PRwk
MD5:	CD42E93E9D1FD611E162BA4F564C4D2D
SHA1:	8F3218E707BEE17BE7D811622ACDBC537A9BB66E
SHA-256:	8B0175905D6E243143D465E9BD664FE9C9C16BFBDC75BC7B11EE3F8CBB3ABD42
SHA-512:	1C4B11201D5B0239419A32168F271009F39E16047DB63115C65F177CE2B15F1D07388214782B0FFCF3747D06451D51E29A9F4C819D4FBED0404583E725C07F28
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...>...>.....s..D....sBIT....\|.d.....pHYs.........C......tEXtSoftware.www.inkscape.org..<....NIDATh..{pT...?.K^..JvC....+"....h.je.jU...c...Fi;.u:..VEAHb...A%j..v.....T... ...I.ACBr......7..nrW...{......ws~.w~g.<..q......p.Q`<P.......;A.A?..O...]..o.m.\|.&~.,ol;...U.?Q8.0C4e....?PY...}...........[......+....COS).p...xL.....T~C.+.m`#........0d....3l.....v .).zE6.boB.-A.wn;`...0.e. .N...b.}U.m.-[=..s&.y.....?...0.K.&....77_?.3.Ibj"....6.+z-..&..EE={....c.r."'..['.c?7..R..D..b.......^.....T..S[..%.fM\|\|C.G64..Nce...yKU..l......3lK.@...].\.\.z=.[Y..X..%....G{...zx.}.+'.....*.........U...6..`f.%.m.~..,..n.x;0B....M...."..`.2`..%.......?`rQ..\|Uy..i.]R....4@....`Q...S.G....6$..h\|...x..X....Z:G.!^........I....FDop.]"..\..nXZ.-k%.I..G.5._...P.hc.C....`Q..t.i.W]....V.%....\|t.?.hsU.."x..=..K7....E.3..=.......4.w:.h.%?.6x..T.x..^u7.&..C.G.....\3....u..-......#..&u.h..H[.z......w..VW....s..N....q....i.._{.\|.......A.....#.L._..`.....

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	27266
Entropy (8bit):	5.366385960506858
Encrypted:	false
SSDEEP:	384:rZL034FvL2lbBiq9pIinFZSGGItR6c3BKtQjsLe99e9pU8wjceAc/uM+Jjw:rZLf2l9iq9pvFZQ2RH3lsKBAtw
MD5:	89EA5E2F7371EAA822146F790BE59CBD
SHA1:	DC817D7568F963C50AB8A11F6D7BFFCFDF16E86A
SHA-256:	9B1118BBBB0BB2E70EEEE882C915AF42927A6255E80578202A5AF131B9DC4CAB
SHA-512:	AC085189132FF9329FBCA2C7F7D9DD241F55D57C3F716C69D902DEB9942424BC94BDEB35ACEF559546B94C40065F56E42E6CC6E7D6DF0B9793F964ABED1E6F1D
Malicious:	false
Reputation:	low
URL:	https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/js/Handlebars/handlebars-intl.min.js
Preview:	(function(){"use strict";function a(a){var b,c,d,e,f=Array.prototype.slice.call(arguments,1);for(b=0,c=f.length;c>b;b+=1)if(d=f[b])for(e in d)p.call(d,e)&&(a[e]=d[e]);return a}function b(a,b,c){this.locales=a,this.formats=b,this.pluralFn=c}function c(a){this.id=a}function d(a,b,c,d,e){this.id=a,this.useOrdinal=b,this.offset=c,this.options=d,this.pluralFn=e}function e(a,b,c,d){this.id=a,this.offset=b,this.numberFormat=c,this.string=d}function f(a,b){this.id=a,this.options=b}function g(a,b,c){var d="string"==typeof a?g.__parse(a):a;if(!d\|\|"messageFormatPattern"!==d.type)throw new TypeError("A message must be provided as a String or AST.");c=this._mergeFormats(g.formats,c),r(this,"_locale",{value:this._resolveLocale(b)});var e=this._findPluralRuleFunction(this._locale),f=this._compilePattern(d,b,c,e),h=this;this.format=function(a){return h._format(f,a)}}function h(a){return 400*a/146097}function i(a,b){b=b\|\|{},G(a)&&(a=a.concat()),D(this,"_locale",{value:this._resolveLocale(a)}),D(this,"_

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 04:37:32.159496069 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 04:37:32.315675020 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 26, 2024 04:37:41.232237101 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232271910 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.232342958 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232407093 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232486963 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.232513905 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232548952 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.232549906 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232604027 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232629061 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232672930 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.232722998 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232883930 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.232897043 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.233030081 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.233061075 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.233156919 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.233175039 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.233285904 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.233304024 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.623164892 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.623506069 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.623550892 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.623739004 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.623895884 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.623913050 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.624435902 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.624511003 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.624520063 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.624701977 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.624722004 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.624744892 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.625225067 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.625245094 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.625538111 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.625585079 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.625602007 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.625616074 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.625657082 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.625658035 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.626270056 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.626358986 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.626528978 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.626539946 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.626729965 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.626789093 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.626854897 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.626918077 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.627093077 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.627100945 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.627659082 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.627733946 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.627784014 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.627794027 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.627877951 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.627883911 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.676574945 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.676573038 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.676582098 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.676595926 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.774072886 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 04:37:41.915232897 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.915298939 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.915318966 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.915369034 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.915385962 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.915417910 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.915477991 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.915537119 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.929629087 CEST	49739	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.929640055 CEST	443	49739	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.986433029 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.986454010 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.986459970 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.986510038 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.986529112 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.986560106 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:41.986574888 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.986614943 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.994242907 CEST	49740	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:41.994259119 CEST	443	49740	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414011002 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414083958 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414105892 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414145947 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414151907 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.414177895 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414196968 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414216042 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.414243937 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.414261103 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.414638042 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414683104 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414719105 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.414726973 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.414767027 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.414789915 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.540323973 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.540386915 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.540427923 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.540436983 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.540487051 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.541621923 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.541675091 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.541695118 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.541702032 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.541753054 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.542617083 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.542661905 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.542686939 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.542692900 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.542745113 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.543087006 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.543159008 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.543165922 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.543365002 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:42.543548107 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.546471119 CEST	49737	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:42.546478987 CEST	443	49737	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.343780041 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.343828917 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.343837023 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.343862057 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.343892097 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.343898058 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.343975067 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.344057083 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.344058037 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.344336987 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.344369888 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.344422102 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.344435930 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.344455957 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.344480038 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.344511986 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.345619917 CEST	49738	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.345647097 CEST	443	49738	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.654540062 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.654630899 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.654726982 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.655880928 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:43.655917883 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:43.656270027 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:43.659478903 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:43.659498930 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:43.660034895 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:43.660084963 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:43.778055906 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:43.778090954 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:43.778259039 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:43.778662920 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:43.778691053 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:44.046916962 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.047775030 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.047811985 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.048156977 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.052764893 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.052843094 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.053968906 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.082540989 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.082622051 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.096139908 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.100893021 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.100908995 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.101284981 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.120225906 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:44.135333061 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:44.135346889 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:44.139142990 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:44.139245033 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:44.142203093 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.182394028 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:44.183162928 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:44.231188059 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.236953974 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:44.236963987 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:44.272144079 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.285402060 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:44.488351107 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.488867044 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.488929033 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.488975048 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.488989115 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.489001036 CEST	49744	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.489006042 CEST	443	49744	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.528501034 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.528575897 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.528682947 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.529382944 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.529414892 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.767982006 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.768045902 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.768089056 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.768131971 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.768165112 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.768198967 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.768229961 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.768309116 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.768377066 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.768392086 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.768404961 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.768440962 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.768582106 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.768656015 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.775451899 CEST	49743	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.775476933 CEST	443	49743	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.802757025 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.802782059 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.802952051 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.803337097 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.803350925 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.804348946 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.804430962 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.804522038 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.804850101 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:44.804884911 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:44.946945906 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.947025061 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.948703051 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.948730946 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.949085951 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:44.950212002 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:44.992129087 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:45.187127113 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.187402964 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.187448978 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.187772036 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.188277006 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.188342094 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.188489914 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.194549084 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.194732904 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.194745064 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.197727919 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.197797060 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.198369026 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.198445082 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.198487043 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.229191065 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.229233980 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.238986015 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.238996029 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.282768965 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.358046055 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:45.358134031 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:45.358541012 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:45.383336067 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:45.383337021 CEST	49746	443	192.168.2.4	104.91.61.188
Apr 26, 2024 04:37:45.383382082 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:45.383421898 CEST	443	49746	104.91.61.188	192.168.2.4
Apr 26, 2024 04:37:45.878887892 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.878971100 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.878992081 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.879012108 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.879043102 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.879051924 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.879070997 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.879081011 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.879098892 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.879101038 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.879132986 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.879182100 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.879242897 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.879307032 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.879312992 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.879462957 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.879584074 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.888209105 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.888242006 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.888251066 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.888305902 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.888326883 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.888348103 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.888364077 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.888372898 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.888401031 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.888418913 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.888437986 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.888488054 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.939479113 CEST	49747	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.939498901 CEST	443	49747	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.948066950 CEST	49748	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.948129892 CEST	443	49748	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.954797029 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.954864979 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:45.954973936 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.955403090 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:45.955436945 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.187489033 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.187535048 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.187658072 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.188312054 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.188349009 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.188430071 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.189870119 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.189886093 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.190562963 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.190587044 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.346271992 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.353077888 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.353148937 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.353657007 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.354475021 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.354574919 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.354774952 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.396156073 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.571022987 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.571280956 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.571294069 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.572299004 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.572365046 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.572711945 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.572768927 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.572839975 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.572846889 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.574074030 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.574261904 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.574275970 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.575685024 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.575743914 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.575999022 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.576072931 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.576085091 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.616126060 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.626990080 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.626990080 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.627000093 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.673921108 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.865678072 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.865751982 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.865834951 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.865900040 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.865937948 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.865967035 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.865995884 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.868283033 CEST	49749	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.868314981 CEST	443	49749	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.948909998 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.948934078 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.948940039 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.948956013 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.948962927 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.948981047 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.948991060 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.949016094 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.949031115 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.949032068 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.949073076 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.949079037 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.949122906 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.949122906 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.949203014 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.951709986 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951739073 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951756001 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951767921 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951785088 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951796055 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951807976 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.951843023 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.951857090 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951900005 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951911926 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.951916933 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.951970100 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.952011108 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.958149910 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:46.958175898 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:46.958342075 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.048043013 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.048063993 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.048156977 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.051135063 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.051155090 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.051358938 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.051373005 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.065185070 CEST	49751	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.065196991 CEST	443	49751	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.065606117 CEST	49750	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.065629959 CEST	443	49750	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.431931973 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.432190895 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.432202101 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.432667017 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.433329105 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.433418036 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.433582067 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.438843012 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.439073086 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.439083099 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.440222025 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.440552950 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.440701962 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.440706968 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.440721035 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.480113983 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.485908985 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.950010061 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.950032949 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.950107098 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.950175047 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.953105927 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.974128962 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.974184990 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.974240065 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.974250078 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.974396944 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.977487087 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.995850086 CEST	49752	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.995862961 CEST	443	49752	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:47.996615887 CEST	49753	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:47.996627092 CEST	443	49753	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.100231886 CEST	49755	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.100311995 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.100388050 CEST	49755	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.100752115 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.100780010 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.100867033 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.101149082 CEST	49755	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.101183891 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.101388931 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.101402044 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.489583969 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.490475893 CEST	49755	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.490509033 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.491018057 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.494136095 CEST	49755	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.494225025 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.494749069 CEST	49755	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.497189045 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.497574091 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.497591019 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.498044014 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.498585939 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.498661995 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.498999119 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.536155939 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.540122986 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.742291927 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.742340088 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.742520094 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.742585897 CEST	49755	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.743531942 CEST	49755	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.743566990 CEST	443	49755	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.810630083 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.810651064 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.810710907 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.810725927 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.810785055 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:48.810837030 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.811527014 CEST	49756	443	192.168.2.4	13.107.246.41
Apr 26, 2024 04:37:48.811537027 CEST	443	49756	13.107.246.41	192.168.2.4
Apr 26, 2024 04:37:53.385493994 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:53.385586977 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:53.385662079 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:53.386955976 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:53.386992931 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:53.387041092 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:53.387645006 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:53.387681961 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:53.388000965 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:53.388016939 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.097795010 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:54.097877026 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:54.097924948 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:54.259005070 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.266217947 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.286580086 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.286621094 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.286705971 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.286748886 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.287765026 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.287825108 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.290056944 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.290118933 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.290410042 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.290484905 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.291198015 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.291393042 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.291923046 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.291930914 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.417152882 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.417201042 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:54.417206049 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:54.536452055 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:55.344096899 CEST	49745	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:37:55.344125032 CEST	443	49745	172.217.15.196	192.168.2.4
Apr 26, 2024 04:37:55.373776913 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:55.373856068 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:55.373980999 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:55.374468088 CEST	49758	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:37:55.374485970 CEST	443	49758	104.47.110.28	192.168.2.4
Apr 26, 2024 04:37:55.522309065 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:55.522340059 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:55.522423983 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:55.522926092 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:55.522943020 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:56.614196062 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:56.614717960 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:56.614744902 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:56.616178989 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:56.616254091 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:56.617963076 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:56.618043900 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:56.618477106 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:56.618485928 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:56.660645962 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:56.979371071 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:56.979450941 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:56.979492903 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:56.979861021 CEST	49760	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:56.979882002 CEST	443	49760	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.108438969 CEST	49766	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.108496904 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.108570099 CEST	49766	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.108807087 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.108887911 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.108947992 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.110089064 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.110125065 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.110414028 CEST	49766	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.110447884 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.832598925 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.849577904 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.873656988 CEST	49766	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.873697042 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.873964071 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.874020100 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.874219894 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.874969959 CEST	49766	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.875062943 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.875330925 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.875485897 CEST	49766	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.876065969 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:58.876277924 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.916146994 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:58.940495968 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:59.583692074 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:59.583782911 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:37:59.583868027 CEST	49766	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:59.584194899 CEST	49766	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:37:59.584233046 CEST	443	49766	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:04.608571053 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:04.608664036 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:04.608746052 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:04.609395027 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:04.609450102 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:04.617223024 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:04.660145998 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:04.976190090 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:04.976353884 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:04.976484060 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:04.976551056 CEST	443	49767	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:04.976584911 CEST	49767	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:05.328859091 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:05.329170942 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:05.329219103 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:05.329715014 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:05.330037117 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:05.330132008 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:05.330198050 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:05.372128010 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:05.377031088 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:06.043344021 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:06.043442965 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:06.043575048 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:06.048382044 CEST	49768	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:06.048428059 CEST	443	49768	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.058317900 CEST	49770	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.058341980 CEST	443	49770	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.058365107 CEST	49771	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.058387995 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.058453083 CEST	49770	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.058455944 CEST	49771	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.066148043 CEST	49771	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.066169024 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.066752911 CEST	49770	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.066771984 CEST	443	49770	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.785015106 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.791332960 CEST	49771	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.791347980 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.792538881 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.795908928 CEST	49771	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.796071053 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.796883106 CEST	49771	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.807162046 CEST	443	49770	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.807579994 CEST	49770	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.807596922 CEST	443	49770	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.808763981 CEST	443	49770	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.809664011 CEST	49770	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:36.809855938 CEST	443	49770	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.840152979 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:36.860317945 CEST	49770	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:37.496932030 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:37.497086048 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:37.497181892 CEST	49771	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:37.497762918 CEST	49771	443	192.168.2.4	52.230.18.38
Apr 26, 2024 04:38:37.497786999 CEST	443	49771	52.230.18.38	192.168.2.4
Apr 26, 2024 04:38:39.423620939 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:38:39.423660040 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:38:43.630309105 CEST	49773	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:38:43.630343914 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:43.630417109 CEST	49773	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:38:43.630948067 CEST	49773	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:38:43.630964994 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:43.965356112 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:43.965682983 CEST	49773	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:38:43.965702057 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:43.966159105 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:43.967247009 CEST	49773	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:38:43.967329979 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:44.018023014 CEST	49773	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:38:53.949038982 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:53.949196100 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:53.949254036 CEST	49773	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:38:55.317732096 CEST	49773	443	192.168.2.4	172.217.15.196
Apr 26, 2024 04:38:55.317749977 CEST	49757	443	192.168.2.4	104.47.110.28
Apr 26, 2024 04:38:55.317760944 CEST	443	49773	172.217.15.196	192.168.2.4
Apr 26, 2024 04:38:55.317965984 CEST	443	49757	104.47.110.28	192.168.2.4
Apr 26, 2024 04:38:55.318350077 CEST	49757	443	192.168.2.4	104.47.110.28

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 04:37:39.118607998 CEST	53	51617	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:39.122448921 CEST	53	53597	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:39.957098007 CEST	53	52078	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:39.998179913 CEST	52781	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:39.998338938 CEST	57272	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:40.200794935 CEST	53	57272	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:41.065272093 CEST	50220	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:41.065481901 CEST	64341	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:43.651041031 CEST	50958	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:43.651546955 CEST	65043	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:43.776232004 CEST	53	50958	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:43.777065039 CEST	53	65043	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:45.977689981 CEST	50587	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:45.978038073 CEST	55765	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:47.062033892 CEST	63980	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:47.062510967 CEST	60850	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:53.157841921 CEST	63302	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:53.158104897 CEST	65035	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:53.365431070 CEST	53	65035	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:53.383786917 CEST	53	63302	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:55.377616882 CEST	63111	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:55.377892971 CEST	52613	53	192.168.2.4	1.1.1.1
Apr 26, 2024 04:37:55.517203093 CEST	53	63111	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:55.520593882 CEST	53	52613	1.1.1.1	192.168.2.4
Apr 26, 2024 04:37:57.069336891 CEST	53	50405	1.1.1.1	192.168.2.4
Apr 26, 2024 04:38:02.853889942 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 04:38:15.848925114 CEST	53	61835	1.1.1.1	192.168.2.4
Apr 26, 2024 04:38:38.270330906 CEST	53	61885	1.1.1.1	192.168.2.4
Apr 26, 2024 04:38:38.861277103 CEST	53	51869	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 26, 2024 04:37:46.240264893 CEST	192.168.2.4	1.1.1.1	c2f2	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 04:37:39.998179913 CEST	192.168.2.4	1.1.1.1	0xeebb	Standard query (0)	mcas-proxyweb.mcas.ms	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:39.998338938 CEST	192.168.2.4	1.1.1.1	0xf64c	Standard query (0)	mcas-proxyweb.mcas.ms	65	IN (0x0001)	false
Apr 26, 2024 04:37:41.065272093 CEST	192.168.2.4	1.1.1.1	0x64b	Standard query (0)	mcasproxy.cdn.mcas.ms	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:41.065481901 CEST	192.168.2.4	1.1.1.1	0xb54a	Standard query (0)	mcasproxy.cdn.mcas.ms	65	IN (0x0001)	false
Apr 26, 2024 04:37:43.651041031 CEST	192.168.2.4	1.1.1.1	0x53e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:43.651546955 CEST	192.168.2.4	1.1.1.1	0x63a0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 04:37:45.977689981 CEST	192.168.2.4	1.1.1.1	0x1826	Standard query (0)	mcasproxy.cdn.mcas.ms	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:45.978038073 CEST	192.168.2.4	1.1.1.1	0xc41a	Standard query (0)	mcasproxy.cdn.mcas.ms	65	IN (0x0001)	false
Apr 26, 2024 04:37:47.062033892 CEST	192.168.2.4	1.1.1.1	0x8ec7	Standard query (0)	c.s-microsoft.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:47.062510967 CEST	192.168.2.4	1.1.1.1	0x1b72	Standard query (0)	c.s-microsoft.com	65	IN (0x0001)	false
Apr 26, 2024 04:37:53.157841921 CEST	192.168.2.4	1.1.1.1	0xafeb	Standard query (0)	apc01.safelinks.protection.outlook.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:53.158104897 CEST	192.168.2.4	1.1.1.1	0xc505	Standard query (0)	apc01.safelinks.protection.outlook.com	65	IN (0x0001)	false
Apr 26, 2024 04:37:55.377616882 CEST	192.168.2.4	1.1.1.1	0x9545	Standard query (0)	wittywebevents.wipro.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:55.377892971 CEST	192.168.2.4	1.1.1.1	0x236b	Standard query (0)	wittywebevents.wipro.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 04:37:40.185817957 CEST	1.1.1.1	192.168.2.4	0xeebb	No error (0)	mcas-proxyweb.mcas.ms	mps-mda-ic-openresty-prd-weu.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:40.200794935 CEST	1.1.1.1	192.168.2.4	0xf64c	No error (0)	mcas-proxyweb.mcas.ms	mps-mda-ic-openresty-prd-weu.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:41.230127096 CEST	1.1.1.1	192.168.2.4	0xb54a	No error (0)	mcasproxy.cdn.mcas.ms	mps-mda-ic-mcasproxy-prd-weu.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:41.231667995 CEST	1.1.1.1	192.168.2.4	0x64b	No error (0)	mcasproxy.cdn.mcas.ms	mps-mda-ic-mcasproxy-prd-weu.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:41.231667995 CEST	1.1.1.1	192.168.2.4	0x64b	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:41.231667995 CEST	1.1.1.1	192.168.2.4	0x64b	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:41.231667995 CEST	1.1.1.1	192.168.2.4	0x64b	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:43.776232004 CEST	1.1.1.1	192.168.2.4	0x53e	No error (0)	www.google.com		172.217.15.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:43.777065039 CEST	1.1.1.1	192.168.2.4	0x63a0	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 04:37:46.148401976 CEST	1.1.1.1	192.168.2.4	0x1826	No error (0)	mcasproxy.cdn.mcas.ms	mps-mda-ic-mcasproxy-prd-weu.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:46.148401976 CEST	1.1.1.1	192.168.2.4	0x1826	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:46.148401976 CEST	1.1.1.1	192.168.2.4	0x1826	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:46.148401976 CEST	1.1.1.1	192.168.2.4	0x1826	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:46.240148067 CEST	1.1.1.1	192.168.2.4	0xc41a	No error (0)	mcasproxy.cdn.mcas.ms	mps-mda-ic-mcasproxy-prd-weu.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:47.188479900 CEST	1.1.1.1	192.168.2.4	0x8ec7	No error (0)	c.s-microsoft.com	c-s.cms.ms.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:47.188808918 CEST	1.1.1.1	192.168.2.4	0x1b72	No error (0)	c.s-microsoft.com	c-s.cms.ms.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:53.383786917 CEST	1.1.1.1	192.168.2.4	0xafeb	No error (0)	apc01.safelinks.protection.outlook.com		104.47.110.28	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:55.517203093 CEST	1.1.1.1	192.168.2.4	0x9545	No error (0)	wittywebevents.wipro.com		52.230.18.38	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:37:56.373147964 CEST	1.1.1.1	192.168.2.4	0x16f0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:37:56.373147964 CEST	1.1.1.1	192.168.2.4	0x16f0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:38:09.675323009 CEST	1.1.1.1	192.168.2.4	0xe2d0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:38:09.675323009 CEST	1.1.1.1	192.168.2.4	0xe2d0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 04:38:30.945195913 CEST	1.1.1.1	192.168.2.4	0x105	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 04:38:30.945195913 CEST	1.1.1.1	192.168.2.4	0x105	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

mcasproxy.cdn.mcas.ms

fs.microsoft.com

apc01.safelinks.protection.outlook.com

wittywebevents.wipro.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:41 UTC	599	OUT	GET /proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6 HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:43 UTC	827	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:43 GMT Content-Type: text/css Content-Length: 27214 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:45 GMT ETag: 0x8DC4CC59431E3E0 x-ms-request-id: 2a674103-301e-003d-1582-97ad36000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023741Z-17644f8887f6krrkwksfy2se5w00000006u000000000cwbx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 02:37:43 UTC	15557	IN	Data Raw: 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 53 65 67 6f 65 20 55 49 3b 73 72 63 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 63 2e 73 2d 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 66 6f 6e 74 73 2f 73 65 67 6f 65 2d 75 69 2f 77 65 73 74 2d 65 75 72 6f 70 65 61 6e 2f 6e 6f 72 6d 61 6c 2f 6c 61 74 65 73 74 2e 65 6f 74 29 3b 73 72 63 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 63 2e 73 2d 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 66 6f 6e 74 73 2f 73 65 67 6f 65 2d 75 69 2f 77 65 73 74 2d 65 75 72 6f 70 65 61 6e 2f 6e 6f 72 6d 61 6c 2f 6c 61 74 65 73 74 2e 65 6f 74 3f 23 69 65 66 69 78 29 20 66 6f 72 6d 61 74 28 27 65 6d 62 65 64 64 65 64 2d 6f 70 65 6e 74 79 70 65 27 29 2c 75 72 6c 28 68 74 74 70 73 3a Data Ascii: @font-face{font-family:Segoe UI;src:url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.eot);src:url(https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.eot?#iefix) format('embedded-opentype'),url(https:
2024-04-26 02:37:43 UTC	11657	IN	Data Raw: 2d 70 61 6e 65 6c 20 23 70 72 6f 78 79 77 65 62 2d 75 6e 6d 61 70 70 65 64 2d 64 6f 6d 61 69 6e 73 2d 70 61 6e 65 6c 2d 63 6c 6f 73 65 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f 70 3a 32 38 70 78 3b 72 69 67 68 74 3a 32 37 70 78 3b 66 6c 6f 61 74 3a 72 69 67 68 74 7d 2e 70 72 6f 78 79 77 65 62 2d 75 6e 6d 61 70 70 65 64 2d 64 6f 6d 61 69 6e 73 2d 70 61 6e 65 6c 20 23 70 72 6f 78 79 77 65 62 2d 70 61 6e 65 6c 2d 63 6c 6f 73 65 2d 62 74 6e 7b 77 69 64 74 68 3a 31 32 70 78 3b 68 65 69 67 68 74 3a 31 36 70 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 70 72 6f 78 79 77 65 62 2d 75 6e 6d 61 70 70 65 64 2d 64 6f 6d 61 69 6e 73 2d 70 61 6e 65 6c 20 23 70 72 6f 78 79 77 65 62 2d 75 6e 6d 61 70 70 65 64 2d 64 6f 6d 61 69 6e 73 2d 6c 69 Data Ascii: -panel #proxyweb-unmapped-domains-panel-close{position:relative;top:28px;right:27px;float:right}.proxyweb-unmapped-domains-panel #proxyweb-panel-close-btn{width:12px;height:16px;cursor:pointer}.proxyweb-unmapped-domains-panel #proxyweb-unmapped-domains-li

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:41 UTC	567	OUT	GET /proxyweb/1.54.36-1-hf/js/handlebars.min.js HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:42 UTC	841	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:42 GMT Content-Type: application/javascript Content-Length: 88426 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:28 GMT ETag: 0x8DC4CC58A214183 x-ms-request-id: 95cc327a-801e-003e-4d82-97d030000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023741Z-1865489d5f4gxx8nx10tqpg6dw0000000ay0000000003dtp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 02:37:42 UTC	15543	IN	Data Raw: 2f 2a 2a 21 0a 0a 20 40 6c 69 63 65 6e 73 65 0a 20 68 61 6e 64 6c 65 62 61 72 73 20 76 34 2e 37 2e 38 0a 0a 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 32 30 31 31 2d 32 30 31 39 20 62 79 20 59 65 68 75 64 61 20 4b 61 74 7a 0a 0a 50 65 72 6d 69 73 73 69 6f 6e 20 69 73 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 2c 20 66 72 65 65 20 6f 66 20 63 68 61 72 67 65 2c 20 74 6f 20 61 6e 79 20 70 65 72 73 6f 6e 20 6f 62 74 61 69 6e 69 6e 67 20 61 20 63 6f 70 79 0a 6f 66 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 61 6e 64 20 61 73 73 6f 63 69 61 74 65 64 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 20 66 69 6c 65 73 20 28 74 68 65 20 22 53 6f 66 74 77 61 72 65 22 29 2c 20 74 6f 20 64 65 61 6c 0a 69 6e 20 74 68 65 20 53 6f 66 74 77 61 72 65 20 77 69 74 68 6f 75 74 20 Data Ascii: /**! @license handlebars v4.7.8Copyright (C) 2011-2019 by Yehuda KatzPermission is hereby granted, free of charge, to any person obtaining a copyof this software and associated documentation files (the "Software"), to dealin the Software without
2024-04-26 02:37:42 UTC	16384	IN	Data Raw: 21 31 7d 29 7d 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 63 28 34 37 29 2c 65 3d 63 28 33 35 29 3b 61 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 66 2c 67 2c 68 3d 53 74 72 69 6e 67 28 65 28 62 29 29 2c 69 3d 64 28 63 29 2c 6a 3d 68 2e 6c 65 6e 67 74 68 3b 72 65 74 75 72 6e 20 69 3c 30 7c 7c 69 3e 3d 6a 3f 61 3f 22 22 3a 76 6f 69 64 20 30 3a 28 66 3d 68 2e 63 68 61 72 43 6f 64 65 41 74 28 69 29 2c 66 3c 35 35 32 39 36 7c 7c 66 3e 35 36 33 31 39 7c 7c 69 2b 31 3d 3d 3d 6a 7c 7c 28 67 3d 68 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 31 29 29 3c 35 36 33 32 30 7c 7c 67 3e 35 37 33 34 33 3f 61 3f 68 2e 63 68 61 72 41 74 28 69 29 3a 66 Data Ascii: !1})})},function(a,b,c){var d=c(47),e=c(35);a.exports=function(a){return function(b,c){var f,g,h=String(e(b)),i=d(c),j=h.length;return i<0\|\|i>=j?a?"":void 0:(f=h.charCodeAt(i),f<55296\|\|f>56319\|\|i+1===j\|\|(g=h.charCodeAt(i+1))<56320\|\|g>57343?a?h.charAt(i):f
2024-04-26 02:37:42 UTC	16384	IN	Data Raw: 45 4e 44 5f 52 41 57 5f 42 4c 4f 43 4b 22 2c 31 39 3a 22 4f 50 45 4e 5f 52 41 57 5f 42 4c 4f 43 4b 22 2c 32 33 3a 22 43 4c 4f 53 45 5f 52 41 57 5f 42 4c 4f 43 4b 22 2c 32 39 3a 22 4f 50 45 4e 5f 42 4c 4f 43 4b 22 2c 33 33 3a 22 43 4c 4f 53 45 22 2c 33 34 3a 22 4f 50 45 4e 5f 49 4e 56 45 52 53 45 22 2c 33 39 3a 22 4f 50 45 4e 5f 49 4e 56 45 52 53 45 5f 43 48 41 49 4e 22 2c 34 34 3a 22 49 4e 56 45 52 53 45 22 2c 34 37 3a 22 4f 50 45 4e 5f 45 4e 44 42 4c 4f 43 4b 22 2c 34 38 3a 22 4f 50 45 4e 22 2c 35 31 3a 22 4f 50 45 4e 5f 55 4e 45 53 43 41 50 45 44 22 2c 35 34 3a 22 43 4c 4f 53 45 5f 55 4e 45 53 43 41 50 45 44 22 2c 35 35 3a 22 4f 50 45 4e 5f 50 41 52 54 49 41 4c 22 2c 36 30 3a 22 4f 50 45 4e 5f 50 41 52 54 49 41 4c 5f 42 4c 4f 43 4b 22 2c 36 35 3a 22 4f Data Ascii: END_RAW_BLOCK",19:"OPEN_RAW_BLOCK",23:"CLOSE_RAW_BLOCK",29:"OPEN_BLOCK",33:"CLOSE",34:"OPEN_INVERSE",39:"OPEN_INVERSE_CHAIN",44:"INVERSE",47:"OPEN_ENDBLOCK",48:"OPEN",51:"OPEN_UNESCAPED",54:"CLOSE_UNESCAPED",55:"OPEN_PARTIAL",60:"OPEN_PARTIAL_BLOCK",65:"O
2024-04-26 02:37:42 UTC	16384	IN	Data Raw: 35 5d 2c 38 36 3a 5b 32 2c 31 38 5d 2c 39 30 3a 5b 32 2c 38 39 5d 2c 31 30 31 3a 5b 32 2c 35 33 5d 2c 31 30 34 3a 5b 32 2c 39 33 5d 2c 31 31 30 3a 5b 32 2c 31 39 5d 2c 31 31 31 3a 5b 32 2c 37 37 5d 2c 31 31 36 3a 5b 32 2c 39 37 5d 2c 31 31 39 3a 5b 32 2c 36 33 5d 2c 31 32 32 3a 5b 32 2c 36 39 5d 2c 31 33 35 3a 5b 32 2c 37 35 5d 2c 31 33 36 3a 5b 32 2c 33 32 5d 7d 2c 70 61 72 73 65 45 72 72 6f 72 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 61 29 7d 2c 70 61 72 73 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 76 61 72 20 61 3b 72 65 74 75 72 6e 20 61 3d 63 2e 6c 65 78 65 72 2e 6c 65 78 28 29 7c 7c 31 2c 22 6e 75 6d 62 65 72 22 21 3d 74 79 70 65 6f 66 20 61 26 26 28 61 3d 63 Data Ascii: 5],86:[2,18],90:[2,89],101:[2,53],104:[2,93],110:[2,19],111:[2,77],116:[2,97],119:[2,63],122:[2,69],135:[2,75],136:[2,32]},parseError:function(a,b){throw new Error(a)},parse:function(a){function b(){var a;return a=c.lexer.lex()\|\|1,"number"!=typeof a&&(a=c
2024-04-26 02:37:42 UTC	16384	IN	Data Raw: 5b 22 64 65 66 61 75 6c 74 22 5d 2c 6a 3d 63 28 31 29 5b 22 64 65 66 61 75 6c 74 22 5d 3b 62 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3d 21 30 2c 62 2e 43 6f 6d 70 69 6c 65 72 3d 64 2c 62 2e 70 72 65 63 6f 6d 70 69 6c 65 3d 65 2c 62 2e 63 6f 6d 70 69 6c 65 3d 66 3b 76 61 72 20 6b 3d 63 28 36 29 2c 6c 3d 6a 28 6b 29 2c 6d 3d 63 28 35 29 2c 6e 3d 63 28 38 34 29 2c 6f 3d 6a 28 6e 29 2c 70 3d 5b 5d 2e 73 6c 69 63 65 3b 64 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 6f 6d 70 69 6c 65 72 3a 64 2c 65 71 75 61 6c 73 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 68 69 73 2e 6f 70 63 6f 64 65 73 2e 6c 65 6e 67 74 68 3b 69 66 28 61 2e 6f 70 63 6f 64 65 73 2e 6c 65 6e 67 74 68 21 3d 3d 62 29 72 65 74 75 72 6e 21 31 3b 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 3b Data Ascii: ["default"],j=c(1)["default"];b.__esModule=!0,b.Compiler=d,b.precompile=e,b.compile=f;var k=c(6),l=j(k),m=c(5),n=c(84),o=j(n),p=[].slice;d.prototype={compiler:d,equals:function(a){var b=this.opcodes.length;if(a.opcodes.length!==b)return!1;for(var c=0;c<b;
2024-04-26 02:37:42 UTC	7347	IN	Data Raw: 64 73 5b 61 5d 3d 65 29 2c 66 2e 76 61 6c 75 65 73 5b 61 5d 3d 62 7d 2c 70 75 73 68 49 64 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 22 42 6c 6f 63 6b 50 61 72 61 6d 22 3d 3d 3d 61 3f 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 4c 69 74 65 72 61 6c 28 22 62 6c 6f 63 6b 50 61 72 61 6d 73 5b 22 2b 62 5b 30 5d 2b 22 5d 2e 70 61 74 68 5b 22 2b 62 5b 31 5d 2b 22 5d 22 2b 28 63 3f 22 20 2b 20 22 2b 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 22 2e 22 2b 63 29 3a 22 22 29 29 3a 22 50 61 74 68 45 78 70 72 65 73 73 69 6f 6e 22 3d 3d 3d 61 3f 74 68 69 73 2e 70 75 73 68 53 74 72 69 6e 67 28 62 29 3a 22 53 75 62 45 78 70 72 65 73 73 69 6f 6e 22 3d 3d 3d 61 3f 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 4c 69 74 65 72 61 6c 28 22 74 72 75 65 22 29 3a 74 68 69 73 Data Ascii: ds[a]=e),f.values[a]=b},pushId:function(a,b,c){"BlockParam"===a?this.pushStackLiteral("blockParams["+b[0]+"].path["+b[1]+"]"+(c?" + "+JSON.stringify("."+c):"")):"PathExpression"===a?this.pushString(b):"SubExpression"===a?this.pushStackLiteral("true"):this

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:41 UTC	568	OUT	GET /proxyweb/1.54.36-1-hf/js/lodash-core.min.js HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:41 UTC	861	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:41 GMT Content-Type: application/javascript Content-Length: 12684 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:29 GMT ETag: 0x8DC4CC58A6C4922 x-ms-request-id: 20af5281-401e-004a-6470-978e38000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023741Z-1865489d5f4qw9rny7embdm5aw0000000akg00000000mnpk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 02:37:41 UTC	12684	IN	Data Raw: 2f 2a 2a 0a 20 2a 20 40 6c 69 63 65 6e 73 65 0a 20 2a 20 4c 6f 64 61 73 68 20 28 43 75 73 74 6f 6d 20 42 75 69 6c 64 29 20 6c 6f 64 61 73 68 2e 63 6f 6d 2f 6c 69 63 65 6e 73 65 20 7c 20 55 6e 64 65 72 73 63 6f 72 65 2e 6a 73 20 31 2e 38 2e 33 20 75 6e 64 65 72 73 63 6f 72 65 6a 73 2e 6f 72 67 2f 4c 49 43 45 4e 53 45 0a 20 2a 20 42 75 69 6c 64 3a 20 60 6c 6f 64 61 73 68 20 63 6f 72 65 20 2d 6f 20 2e 2f 64 69 73 74 2f 6c 6f 64 61 73 68 2e 63 6f 72 65 2e 6a 73 60 0a 20 2a 2f 0a 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 6e 29 7b 72 65 74 75 72 6e 20 48 28 6e 29 26 26 70 6e 2e 63 61 6c 6c 28 6e 2c 22 63 61 6c 6c 65 65 22 29 26 26 21 79 6e 2e 63 61 6c 6c 28 6e 2c 22 63 61 6c 6c 65 65 22 29 7d 66 75 6e 63 74 69 6f 6e 20 74 28 6e 2c Data Ascii: /** * @license * Lodash (Custom Build) lodash.com/license \| Underscore.js 1.8.3 underscorejs.org/LICENSE * Build: `lodash core -o ./dist/lodash.core.js` */;(function(){function n(n){return H(n)&&pn.call(n,"callee")&&!yn.call(n,"callee")}function t(n,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:41 UTC	562	OUT	GET /proxyweb/1.54.36-1-hf/js/translate.js HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:41 UTC	860	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:41 GMT Content-Type: application/javascript Content-Length: 7673 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:29 GMT ETag: 0x8DC4CC58A434368 x-ms-request-id: 0f36b8f4-101e-003f-0378-97fb32000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023741Z-17644f8887fmhhpjnhx5wkacd8000000072g000000009vws x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 02:37:41 UTC	7673	IN	Data Raw: 28 28 72 6f 6f 74 2c 20 66 61 63 74 6f 72 79 29 20 3d 3e 20 7b 0a 20 20 20 20 27 75 73 65 20 73 74 72 69 63 74 27 3b 0a 20 20 20 20 2f 2f 49 66 20 74 72 61 6e 73 6c 61 74 65 20 69 73 20 6c 6f 61 64 65 64 20 69 6e 73 69 64 65 20 61 6e 20 61 6d 64 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 20 69 74 20 77 69 6c 6c 20 64 65 66 69 6e 65 20 61 20 6d 6f 64 75 6c 65 2e 20 4f 74 68 65 72 77 69 73 65 20 69 74 20 77 69 6c 6c 20 63 72 65 61 74 65 20 74 68 65 20 6d 6f 64 75 6c 65 20 66 72 6f 6d 20 76 61 6e 69 6c 6c 61 20 6a 61 76 61 73 63 72 69 70 74 20 28 65 78 70 6f 73 69 6e 67 20 74 6f 20 77 69 6e 64 6f 77 29 2e 0a 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 20 64 65 66 69 6e 65 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 26 26 20 64 65 66 69 6e 65 2e 61 6d 64 29 20 7b Data Ascii: ((root, factory) => { 'use strict'; //If translate is loaded inside an amd environment it will define a module. Otherwise it will create the module from vanilla javascript (exposing to window). if (typeof define === 'function' && define.amd) {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:44 UTC	583	OUT	GET /proxyweb/1.54.36-1-hf/js/Handlebars/handlebars-intl.min.js HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:44 UTC	841	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:44 GMT Content-Type: application/javascript Content-Length: 27266 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:30 GMT ETag: 0x8DC4CC58AE9F203 x-ms-request-id: 135e95ed-201e-0070-1982-97a13c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023744Z-1865489d5f4qw9rny7embdm5aw0000000arg000000002n2x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 02:37:44 UTC	15543	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 61 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 31 29 3b 66 6f 72 28 62 3d 30 2c 63 3d 66 2e 6c 65 6e 67 74 68 3b 63 3e 62 3b 62 2b 3d 31 29 69 66 28 64 3d 66 5b 62 5d 29 66 6f 72 28 65 20 69 6e 20 64 29 70 2e 63 61 6c 6c 28 64 2c 65 29 26 26 28 61 5b 65 5d 3d 64 5b 65 5d 29 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 62 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 6c 6f 63 61 6c 65 73 3d 61 2c 74 68 69 73 2e 66 6f 72 6d 61 74 73 3d 62 2c 74 68 69 73 2e 70 6c 75 72 61 6c 46 6e 3d 63 7d 66 75 6e 63 74 69 6f 6e 20 63 28 61 29 7b 74 Data Ascii: (function(){"use strict";function a(a){var b,c,d,e,f=Array.prototype.slice.call(arguments,1);for(b=0,c=f.length;c>b;b+=1)if(d=f[b])for(e in d)p.call(d,e)&&(a[e]=d[e]);return a}function b(a,b,c){this.locales=a,this.formats=b,this.pluralFn=c}function c(a){t
2024-04-26 02:37:44 UTC	11723	IN	Data Raw: 2c 6c 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 7b 74 79 70 65 3a 22 6f 70 74 69 6f 6e 61 6c 46 6f 72 6d 61 74 50 61 74 74 65 72 6e 22 2c 73 65 6c 65 63 74 6f 72 3a 61 2c 76 61 6c 75 65 3a 62 7d 7d 2c 6d 61 3d 22 6f 66 66 73 65 74 3a 22 2c 6e 61 3d 7b 74 79 70 65 3a 22 6c 69 74 65 72 61 6c 22 2c 76 61 6c 75 65 3a 22 6f 66 66 73 65 74 3a 22 2c 64 65 73 63 72 69 70 74 69 6f 6e 3a 27 22 6f 66 66 73 65 74 3a 22 27 7d 2c 6f 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 2c 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 7b 74 79 70 65 3a 22 70 6c 75 72 61 6c 46 6f 72 6d 61 74 22 2c 6f 66 66 73 65 74 3a 61 2c 6f 70 74 69 6f 6e 73 3a 62 7d 7d 2c 71 61 3d 7b 74 79 70 65 3a 22 6f 74 68 65 72 22 2c Data Ascii: ,la=function(a,b){return{type:"optionalFormatPattern",selector:a,value:b}},ma="offset:",na={type:"literal",value:"offset:",description:'"offset:"'},oa=function(a){return a},pa=function(a,b){return{type:"pluralFormat",offset:a,options:b}},qa={type:"other",

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	104.91.61.188	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:44 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 02:37:44 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=48705 Date: Fri, 26 Apr 2024 02:37:44 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	104.91.61.188	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:44 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 02:37:45 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=48737 Date: Fri, 26 Apr 2024 02:37:45 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 02:37:45 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:45 UTC	639	OUT	GET /proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6 HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:45 UTC	751	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:45 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:25 GMT ETag: 0x8DC4CC5883153C5 x-ms-request-id: f377e177-c01e-007e-0f82-970321000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023745Z-1865489d5f4r69rrg7uwqa73hg0000000ax0000000008h1f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 02:37:45 UTC	15633	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-26 02:37:45 UTC	1541	IN	Data Raw: 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49747	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:45 UTC	592	OUT	GET /i18n/0.274.5/proxyweb/en_us.json HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://mcas-proxyweb.mcas.ms Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:45 UTC	780	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:45 GMT Content-Type: application/json Content-Length: 20577 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 30 Jan 2024 12:36:33 GMT ETag: 0x8DC2190178C353C x-ms-request-id: 507b43fa-d01e-0033-7582-970f2b000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023745Z-17644f8887f688k5b7cq9q4yd800000006xg0000000071gy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 02:37:45 UTC	15604	IN	Data Raw: 7b 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 41 43 54 49 4f 4e 5f 42 4c 4f 43 4b 45 44 5f 44 45 53 43 52 49 50 54 49 4f 4e 22 3a 20 22 54 68 69 73 20 61 63 74 69 6f 6e 20 69 73 20 62 6c 6f 63 6b 65 64 20 62 79 20 79 6f 75 72 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 27 73 20 73 65 63 75 72 69 74 79 20 70 6f 6c 69 63 79 2e 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 41 43 54 49 4f 4e 5f 42 4c 4f 43 4b 45 44 5f 50 41 47 45 54 49 54 4c 45 22 3a 20 22 41 63 74 69 6f 6e 20 62 6c 6f 63 6b 65 64 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 41 43 54 49 4f 4e 5f 42 4c 4f 43 4b 45 44 5f 52 45 54 55 52 4e 5f 54 4f 5f 53 45 53 53 49 4f 4e 22 3a 20 22 47 6f 20 62 61 63 6b 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 41 44 4d 49 4e 5f 56 49 45 57 5f 42 59 50 41 53 53 5f 45 Data Ascii: { "PROXYWEB_ACTION_BLOCKED_DESCRIPTION": "This action is blocked by your organization's security policy.", "PROXYWEB_ACTION_BLOCKED_PAGETITLE": "Action blocked", "PROXYWEB_ACTION_BLOCKED_RETURN_TO_SESSION": "Go back", "PROXYWEB_ADMIN_VIEW_BYPASS_E
2024-04-26 02:37:45 UTC	4973	IN	Data Raw: 53 45 43 4f 4e 44 5f 53 49 47 4e 5f 49 4e 5f 49 4e 46 4f 52 4d 41 54 49 4f 4e 5f 50 41 47 45 5f 4c 49 4e 45 31 22 3a 20 22 57 65 20 73 65 65 20 74 68 61 74 20 74 68 65 20 73 69 67 6e 2d 69 6e 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 73 74 61 72 74 65 64 20 66 72 6f 6d 20 6f 75 74 73 69 64 65 20 6f 66 20 6f 75 72 20 73 65 73 73 69 6f 6e 20 63 6f 6e 74 72 6f 6c 73 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 53 45 43 4f 4e 44 5f 53 49 47 4e 5f 49 4e 5f 49 4e 46 4f 52 4d 41 54 49 4f 4e 5f 50 41 47 45 5f 4c 49 4e 45 32 22 3a 20 22 41 20 73 65 63 6f 6e 64 20 73 69 67 6e 2d 69 6e 20 55 52 4c 20 28 7b 75 72 6c 7d 29 20 20 69 73 20 6e 65 65 64 65 64 20 74 6f 20 63 6f 6e 73 75 6d 65 20 74 68 65 20 73 69 67 6e 2d 69 6e 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f Data Ascii: SECOND_SIGN_IN_INFORMATION_PAGE_LINE1": "We see that the sign-in you followed started from outside of our session controls", "PROXYWEB_SECOND_SIGN_IN_INFORMATION_PAGE_LINE2": "A second sign-in URL ({url}) is needed to consume the sign-in", "PROXYWEB_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:46 UTC	578	OUT	GET /proxyweb/1.54.36-1-hf/js/Handlebars/locale-data/en.js HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:46 UTC	841	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:46 GMT Content-Type: application/javascript Content-Length: 10710 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:36 GMT ETag: 0x8DC4CC58E59693C x-ms-request-id: acae92d8-f01e-0021-4c82-97e90d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023746Z-1865489d5f47spgmg1tk1770cg0000000ar000000000b8d7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 02:37:46 UTC	10710	IN	Data Raw: 48 61 6e 64 6c 65 62 61 72 73 49 6e 74 6c 2e 5f 5f 61 64 64 4c 6f 63 61 6c 65 44 61 74 61 28 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 22 2c 22 70 6c 75 72 61 6c 52 75 6c 65 46 75 6e 63 74 69 6f 6e 22 3a 66 75 6e 63 74 69 6f 6e 20 28 6e 2c 6f 72 64 29 7b 76 61 72 20 73 3d 53 74 72 69 6e 67 28 6e 29 2e 73 70 6c 69 74 28 22 2e 22 29 2c 76 30 3d 21 73 5b 31 5d 2c 74 30 3d 4e 75 6d 62 65 72 28 73 5b 30 5d 29 3d 3d 6e 2c 6e 31 30 3d 74 30 26 26 73 5b 30 5d 2e 73 6c 69 63 65 28 2d 31 29 2c 6e 31 30 30 3d 74 30 26 26 73 5b 30 5d 2e 73 6c 69 63 65 28 2d 32 29 3b 69 66 28 6f 72 64 29 72 65 74 75 72 6e 20 6e 31 30 3d 3d 31 26 26 6e 31 30 30 21 3d 31 31 3f 22 6f 6e 65 22 3a 6e 31 30 3d 3d 32 26 26 6e 31 30 30 21 3d 31 32 3f 22 74 77 6f 22 3a 6e 31 30 3d 3d 33 26 26 6e Data Ascii: HandlebarsIntl.__addLocaleData({"locale":"en","pluralRuleFunction":function (n,ord){var s=String(n).split("."),v0=!s[1],t0=Number(s[0])==n,n10=t0&&s[0].slice(-1),n100=t0&&s[0].slice(-2);if(ord)return n10==1&&n100!=11?"one":n10==2&&n100!=12?"two":n10==3&&n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49751	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:46 UTC	377	OUT	GET /i18n/0.274.5/proxyweb/en_us.json HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:46 UTC	800	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:46 GMT Content-Type: application/json Content-Length: 20577 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 30 Jan 2024 12:36:33 GMT ETag: 0x8DC2190178C353C x-ms-request-id: 507b43fa-d01e-0033-7582-970f2b000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023746Z-17644f8887fcmd2k27nm0cheh4000000077g000000003ns6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-26 02:37:46 UTC	15584	IN	Data Raw: 7b 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 41 43 54 49 4f 4e 5f 42 4c 4f 43 4b 45 44 5f 44 45 53 43 52 49 50 54 49 4f 4e 22 3a 20 22 54 68 69 73 20 61 63 74 69 6f 6e 20 69 73 20 62 6c 6f 63 6b 65 64 20 62 79 20 79 6f 75 72 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 27 73 20 73 65 63 75 72 69 74 79 20 70 6f 6c 69 63 79 2e 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 41 43 54 49 4f 4e 5f 42 4c 4f 43 4b 45 44 5f 50 41 47 45 54 49 54 4c 45 22 3a 20 22 41 63 74 69 6f 6e 20 62 6c 6f 63 6b 65 64 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 41 43 54 49 4f 4e 5f 42 4c 4f 43 4b 45 44 5f 52 45 54 55 52 4e 5f 54 4f 5f 53 45 53 53 49 4f 4e 22 3a 20 22 47 6f 20 62 61 63 6b 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 41 44 4d 49 4e 5f 56 49 45 57 5f 42 59 50 41 53 53 5f 45 Data Ascii: { "PROXYWEB_ACTION_BLOCKED_DESCRIPTION": "This action is blocked by your organization's security policy.", "PROXYWEB_ACTION_BLOCKED_PAGETITLE": "Action blocked", "PROXYWEB_ACTION_BLOCKED_RETURN_TO_SESSION": "Go back", "PROXYWEB_ADMIN_VIEW_BYPASS_E
2024-04-26 02:37:46 UTC	4993	IN	Data Raw: 6f 6d 61 69 6e 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 53 45 43 4f 4e 44 5f 53 49 47 4e 5f 49 4e 5f 49 4e 46 4f 52 4d 41 54 49 4f 4e 5f 50 41 47 45 5f 4c 49 4e 45 31 22 3a 20 22 57 65 20 73 65 65 20 74 68 61 74 20 74 68 65 20 73 69 67 6e 2d 69 6e 20 79 6f 75 20 66 6f 6c 6c 6f 77 65 64 20 73 74 61 72 74 65 64 20 66 72 6f 6d 20 6f 75 74 73 69 64 65 20 6f 66 20 6f 75 72 20 73 65 73 73 69 6f 6e 20 63 6f 6e 74 72 6f 6c 73 22 2c 0a 20 20 22 50 52 4f 58 59 57 45 42 5f 53 45 43 4f 4e 44 5f 53 49 47 4e 5f 49 4e 5f 49 4e 46 4f 52 4d 41 54 49 4f 4e 5f 50 41 47 45 5f 4c 49 4e 45 32 22 3a 20 22 41 20 73 65 63 6f 6e 64 20 73 69 67 6e 2d 69 6e 20 55 52 4c 20 28 7b 75 72 6c 7d 29 20 20 69 73 20 6e 65 65 64 65 64 20 74 6f 20 63 6f 6e 73 75 6d 65 20 74 68 65 20 73 69 Data Ascii: omain", "PROXYWEB_SECOND_SIGN_IN_INFORMATION_PAGE_LINE1": "We see that the sign-in you followed started from outside of our session controls", "PROXYWEB_SECOND_SIGN_IN_INFORMATION_PAGE_LINE2": "A second sign-in URL ({url}) is needed to consume the si

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49750	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:46 UTC	399	OUT	GET /proxyweb/1.54.36-1-hf/images/favicon.ico?cb=1.54.146-6 HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:46 UTC	771	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:46 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:25 GMT ETag: 0x8DC4CC5883153C5 x-ms-request-id: f377e177-c01e-007e-0f82-970321000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023746Z-1865489d5f4pfk67n80fmg1bbw0000000ae0000000010c9u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-26 02:37:46 UTC	15613	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-26 02:37:46 UTC	1561	IN	Data Raw: 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333""""""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49753	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:47 UTC	625	OUT	GET /proxyweb/1.54.36-1-hf/images/warning.png HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mcas-proxyweb.mcas.ms/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:47 UTC	735	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:47 GMT Content-Type: image/png Content-Length: 2399 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:25 GMT ETag: 0x8DC4CC5885B6AC7 x-ms-request-id: 65a61b07-401e-0066-0982-97eb12000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023747Z-1865489d5f4r69rrg7uwqa73hg0000000az00000000021ep x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 02:37:47 UTC	2399	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 00 57 02 f9 87 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 23 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 30 20 37 39 2e 31 36 30 34 35 31 2c 20 32 30 31 37 2f 30 35 2f 30 36 2d 30 31 3a 30 38 3a 32 31 20 20 Data Ascii: PNGIHDR00WtEXtSoftwareAdobe ImageReadyqe<#iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49752	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:47 UTC	686	OUT	GET /proxyweb/1.54.36-1-hf/images/continue.png HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mcasproxy.cdn.mcas.ms/proxyweb/1.54.36-1-hf/css/proxyweb-all.min.css?cb=1.54.146-6 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:47 UTC	735	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:47 GMT Content-Type: image/png Content-Length: 2769 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:27 GMT ETag: 0x8DC4CC58920244A x-ms-request-id: 87c73ae8-201e-004c-7282-977434000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023747Z-1865489d5f4vxtqf9836nc5azn00000003k000000000xa7r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 02:37:47 UTC	2769	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 3e 00 00 00 3e 08 06 00 00 00 73 c1 a8 44 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 1e 83 00 00 1e 83 01 43 b6 d2 b3 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 77 77 77 2e 69 6e 6b 73 63 61 70 65 2e 6f 72 67 9b ee 3c 1a 00 00 0a 4e 49 44 41 54 68 81 cd 9b 7b 70 54 f5 15 c7 3f e7 b7 4b 5e 0c 0a 4a 76 43 b2 8b e0 0b 2b 22 be 10 ab f8 68 9d 6a 65 a6 6a 55 a2 a2 0e 63 c5 e6 e5 a3 be 46 69 3b 9d 75 3a e3 d8 56 45 41 48 62 c7 c1 96 41 25 2a 6a 9f 8e 76 b4 f5 01 a8 a0 54 05 ad 8a 20 d9 00 bb 49 00 41 43 42 72 ef e9 1f d9 c0 bd 37 bb c9 6e 72 57 f9 fe b5 7b ee f9 9d df f9 e6 77 73 7e e7 77 7e 67 85 3c a2 bc 71 eb d8 80 9a b3 14 99 2a 70 82 2a 51 60 3c 50 0c 1c 0a Data Ascii: PNGIHDR>>sDsBIT\|dpHYsCtEXtSoftwarewww.inkscape.org<NIDATh{pT?K^JvC+"hjejUcFi;u:VEAHbA%jvT IACBr7nrW{ws~w~g<qp*Q`<P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49755	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:48 UTC	386	OUT	GET /proxyweb/1.54.36-1-hf/images/continue.png HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:48 UTC	755	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:48 GMT Content-Type: image/png Content-Length: 2769 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:27 GMT ETag: 0x8DC4CC58920244A x-ms-request-id: 87c73ae8-201e-004c-7282-977434000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023748Z-1865489d5f469db67514m1tnm40000000ad0000000011x0g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-26 02:37:48 UTC	2769	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 3e 00 00 00 3e 08 06 00 00 00 73 c1 a8 44 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 1e 83 00 00 1e 83 01 43 b6 d2 b3 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 77 77 77 2e 69 6e 6b 73 63 61 70 65 2e 6f 72 67 9b ee 3c 1a 00 00 0a 4e 49 44 41 54 68 81 cd 9b 7b 70 54 f5 15 c7 3f e7 b7 4b 5e 0c 0a 4a 76 43 b2 8b e0 0b 2b 22 be 10 ab f8 68 9d 6a 65 a6 6a 55 a2 a2 0e 63 c5 e6 e5 a3 be 46 69 3b 9d 75 3a e3 d8 56 45 41 48 62 c7 c1 96 41 25 2a 6a 9f 8e 76 b4 f5 01 a8 a0 54 05 ad 8a 20 d9 00 bb 49 00 41 43 42 72 ef e9 1f d9 c0 bd 37 bb c9 6e 72 57 f9 fe b5 7b ee f9 9d df f9 e6 77 73 7e e7 77 7e 67 85 3c a2 bc 71 eb d8 80 9a b3 14 99 2a 70 82 2a 51 60 3c 50 0c 1c 0a Data Ascii: PNGIHDR>>sDsBIT\|dpHYsCtEXtSoftwarewww.inkscape.org<NIDATh{pT?K^JvC+"hjejUcFi;u:VEAHbA%jvT IACBr7nrW{ws~w~g<qp*Q`<P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49756	13.107.246.41	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:48 UTC	385	OUT	GET /proxyweb/1.54.36-1-hf/images/warning.png HTTP/1.1 Host: mcasproxy.cdn.mcas.ms Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:48 UTC	755	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 02:37:48 GMT Content-Type: image/png Content-Length: 2399 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Mar 2024 12:17:25 GMT ETag: 0x8DC4CC5885B6AC7 x-ms-request-id: 65a61b07-401e-0066-0982-97eb12000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T023748Z-17644f8887fckxfx1qh4sb6v6n000000077g000000003kam x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 02:37:48 UTC	2399	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 00 57 02 f9 87 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 23 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 30 20 37 39 2e 31 36 30 34 35 31 2c 20 32 30 31 37 2f 30 35 2f 30 36 2d 30 31 3a 30 38 3a 32 31 20 20 Data Ascii: PNGIHDR00WtEXtSoftwareAdobe ImageReadyqe<#iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49758	104.47.110.28	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:54 UTC	1080	OUT	GET /?url=https%3A%2F%2Fwittywebevents.wipro.com%2Femail-analytics%2Fapi%2Ft%2Fl%3FobjId%3D637c92a3e4b00b92caee94cc&data=05%7C02%7Cgary.fabrizio1%40wipro.com%7Cb8fe953db5914d2bac8108dc65645f6b%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C638496729264132835%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=X8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%3D&reserved=0 HTTP/1.1 Host: apc01.safelinks.protection.outlook.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 02:37:55 UTC	640	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: https://wittywebevents.wipro.com/email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 4.0 X-SL-GetUrlReputation-Verdict: Good X-Robots-Tag: noindex, nofollow X-AspNet-Version: 4.0.30319 X-ServerName: TYZAPC01WS032 X-ServerVersion: 15.20.7519.021 X-ServerLat: 544 X-SafeLinks-Tracking-Id: 24043c2c-f542-4d86-6a10-08dc6599e044 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff X-UA-Compatible: IE=Edge Date: Fri, 26 Apr 2024 02:37:54 GMT Connection: close Content-Length: 204
2024-04-26 02:37:55 UTC	204	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 69 74 74 79 77 65 62 65 76 65 6e 74 73 2e 77 69 70 72 6f 2e 63 6f 6d 2f 65 6d 61 69 6c 2d 61 6e 61 6c 79 74 69 63 73 2f 61 70 69 2f 74 2f 6c 3f 6f 62 6a 49 64 3d 36 33 37 63 39 32 61 33 65 34 62 30 30 62 39 32 63 61 65 65 39 34 63 63 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://wittywebevents.wipro.com/email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49760	52.230.18.38	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:56 UTC	701	OUT	GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1 Host: wittywebevents.wipro.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49766	52.230.18.38	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:37:58 UTC	727	OUT	GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1 Host: wittywebevents.wipro.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49767	52.230.18.38	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:38:04 UTC	727	OUT	GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1 Host: wittywebevents.wipro.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49768	52.230.18.38	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:38:05 UTC	727	OUT	GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1 Host: wittywebevents.wipro.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49771	52.230.18.38	443	1272	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 02:38:36 UTC	727	OUT	GET /email-analytics/api/t/l?objId=637c92a3e4b00b92caee94cc HTTP/1.1 Host: wittywebevents.wipro.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Target ID:	0
Start time:	04:37:35
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	04:37:37
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1984,i,4637780983047938641,9151698695631538514,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	04:37:38
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior