Windows Analysis Report
http://westernstainless.sharepoint.com

Overview

General Information

Sample URL: http://westernstainless.sharepoint.com
Analysis ID: 1432134
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

HTML body contains low number of good links
HTML title does not match URL

Classification

  • System is w10x64
  • chrome.exe (PID: 7032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 5660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2672 --field-trial-handle=2556,i,9315892413422290450,9261175574339091419,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 3516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://westernstainless.sharepoint.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246&sso_reload=trueHTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246&sso_reload=trueHTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246&sso_reload=trueHTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246HTTP Parser: No favicon
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: unknown. HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown. HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown. HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown. HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown. HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown. HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown. HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown. HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown. TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown. TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown. TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: westernstainless.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_layouts/15/Authenticate.aspx?Source=%2F HTTP/1.1Host: westernstainless.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=cookie HTTP/1.1Host: westernstainless.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: RpsContextCookie=U291cmNlPSUyRg==
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /81d6b03a-z0nbtq15mcg161iiquc-xdevks-ccp6dc3auhx2ppqs/logintenantbranding/0/bannerlogo?ts=638227457986153960 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /81d6b03a-z0nbtq15mcg161iiquc-xdevks-ccp6dc3auhx2ppqs/logintenantbranding/0/bannerlogo?ts=638227457986153960 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_f7fbb7540d7be2ae771b.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: westernstainless.sharepoint.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: westernstainless.sharepoint.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: login.microsoftonline.com
Source: global trafficDNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global trafficDNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: chromecache_52.2.drString found in binary or memory: https://login.microsoftonline.com
Source: chromecache_52.2.drString found in binary or memory: https://login.windows-ppe.net
Source: unknownHTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: classification engineClassification label: clean1.win@17/42@16/6
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2672 --field-trial-handle=2556,i,9315892413422290450,9261175574339091419,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://westernstainless.sharepoint.com"
Source: Window RecorderWindow detected: More than 3 window changes detected
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://westernstainless.sharepoint.com | 0% | Avira URL Cloud | safe | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://westernstainless.sharepoint.com/ | 0% | Avira URL Cloud | safe | |
| https://aadcdn.msauthimages.net/81d6b03a-z0nbtq15mcg161iiquc-xdevks-ccp6dc3auhx2ppqs/logintenantbranding/0/bannerlogo?ts=638227457986153960 | 0% | Avira URL Cloud | safe | |
| https://westernstainless.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=cookie | 0% | Avira URL Cloud | safe | |
| https://westernstainless.sharepoint.com/ | 0% | Avira URL Cloud | safe | |
| https://westernstainless.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2F | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown |
| dual-spo-0005.spo-msedge.net | 13.107.136.10 | true | false | | unknown |
| part-0013.t-0009.t-msedge.net | 13.107.213.41 | true | false | | unknown |
| cs1100.wpc.omegacdn.net | 152.199.4.44 | true | false | | unknown |
| sni1gl.wpc.upsiloncdn.net | 152.195.19.97 | true | false | | unknown |
| www.google.com | 192.178.50.68 | true | false | | high |
| fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
| aadcdn.msauthimages.net | unknown | unknown | false | | unknown |
| identity.nel.measure.office.net | unknown | unknown | false | | high |
| westernstainless.sharepoint.com | unknown | unknown | false | | unknown |
| aadcdn.msftauth.net | unknown | unknown | false | | unknown |
| login.microsoftonline.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://westernstainless.sharepoint.com/ | false | Avira URL Cloud: safe | unknown |
| https://westernstainless.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=cookie | false | Avira URL Cloud: safe | unknown |
| https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246 | false | | high |
| https://aadcdn.msauthimages.net/81d6b03a-z0nbtq15mcg161iiquc-xdevks-ccp6dc3auhx2ppqs/logintenantbranding/0/bannerlogo?ts=638227457986153960 | false | Avira URL Cloud: safe | unknown |
| https://westernstainless.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2F | false | Avira URL Cloud: safe | unknown |
| https://login.microsoftonline.com/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246&sso_reload=true | false | | high |
| http://westernstainless.sharepoint.com/ | false | Avira URL Cloud: safe | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://login.microsoftonline.com | chromecache_52.2.dr | false | | high |
| https://login.windows-ppe.net | chromecache_52.2.dr | false | | high |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 13.107.136.10 | dual-spo-0005.spo-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 192.178.50.68 | www.google.com | United States | | 15169 | GOOGLEUS | false |
| 152.195.19.97 | sni1gl.wpc.upsiloncdn.net | United States | | 15133 | EDGECASTUS | false |
| 239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
| 13.107.213.41 | part-0013.t-0009.t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |

| IP |
|---|
| 192.168.2.6 |
                                  Joe Sandbox version:40.0.0 Tourmaline
                                  Analysis ID:1432134
                                  Start date and time:2024-04-26 15:13:09 +02:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 3m 27s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:browseurl.jbs
                                  Sample URL:http://westernstainless.sharepoint.com
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:8
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:CLEAN
                                  Classification:clean1.win@17/42@16/6
                                  EGA Information:Failed
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 0
                                  • Number of non-executed functions: 0
                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 142.250.189.131, 142.251.35.238, 142.251.162.84, 34.104.35.123, 20.12.23.50, 40.126.29.5, 20.190.157.11, 40.126.29.12, 40.126.29.15, 40.126.29.8, 40.126.29.10, 40.126.29.13, 40.126.29.6, 192.229.211.108, 20.166.126.56, 199.232.214.172, 23.214.95.211, 23.214.95.204, 20.3.187.198, 40.126.28.13, 40.126.28.18, 40.126.28.19, 40.126.28.11, 40.126.28.21, 40.126.28.12, 40.126.7.32, 40.126.28.20, 142.250.217.170, 172.217.15.202, 192.178.50.74, 142.250.64.138, 142.250.64.234, 142.251.35.234, 142.250.64.170, 172.217.2.202, 142.250.189.138, 172.217.165.202, 142.250.217.202, 192.178.50.42, 172.217.3.74, 142.250.217.234, 172.217.3.67, 23.45.182.93, 23.45.182.83, 23.45.182.104, 23.45.182.85, 23.45.182.68, 23.45.182.77, 23.45.182.97
                                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, ak.privatelink.msidentity.com, a1894.dscb.akamai.net, clients2.google.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, aadcdn.azureedge.net, aadcdn.ec.azureedge.net, sls.update.microsoft.com, update.googleapis.com, login.mso.msidentity.com, glb.sls.prod.dcat.dsp.trafficmanager.net, www.tm.ak.prd.aadg.trafficmanager.net, client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, aadcdn.msauth.net, wu-bg-shim.trafficmanager.net, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, 195568-ipv4v6w.far
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                  No simulations
                                  No context
                                  No context
                                  No context
                                  No context
                                  No context
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                                  Category:downloaded
                                  Size (bytes):9880
                                  Entropy (8bit):7.9703418750675645
                                  Encrypted:false
                                  SSDEEP:192:f5bn/i4oMAo8g2AXZMk38c7qdes92y1z7O9oA11K2E7CjryRnpvxZ1:f5bn/DovgXXZl38c7cec2y8mA11dSC/+
                                  MD5:44B6E06CF4FEBFF52FA548B1DCC9AE71
                                  SHA1:DB69A19721EBB92E7EBE6C84570ECB8E5BFA9360
                                  SHA-256:173815291B16A684FF0EE1997283BB4F45CD2561DA609CF0E828E5D3DE759E20
                                  SHA-512:8946ED4E707C11F73DF1C4CC44001A7DE061D7709F3DB99A750857C8E3F5340A1997079AAC42CF7B37DEBEFB867ECAF36B375F219A34D947BE7FB3D0485579C1
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauthimages.net/81d6b03a-z0nbtq15mcg161iiquc-xdevks-ccp6dc3auhx2ppqs/logintenantbranding/0/bannerlogo?ts=638227457986153960
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
                                  Category:downloaded
                                  Size (bytes):2347
                                  Entropy (8bit):5.290031538794594
                                  Encrypted:false
                                  SSDEEP:48:gCgF0+kNL5iQ6+GhB+SYWzGuesAFcsGJOzgO6FIEv+sj+M++sx+suse+swsosmC0:gC3Na5+GX+Ti2XsYE2sqAsosushswsoB
                                  MD5:E86EF8B6111E5FB1D1665BCDC90888C9
                                  SHA1:994BF7651CB967CD9053056AF2D69ACB74DB7F29
                                  SHA-256:3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
                                  SHA-512:2486B491681EE91A9CD1ECC9AA011A3FB34B48358C5D7A4D503A5357BC5CE4CA22999F918D40AC60A3063940D5F326FC7E4E5713D89D5C102DE68824E371B3AB
                                  Malicious:false
                                  Reputation:low
                                  URL:https://login.live.com/Me.htm?v=3
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379
                                  Category:dropped
                                  Size (bytes):254
                                  Entropy (8bit):7.066074991728423
                                  Encrypted:false
                                  SSDEEP:6:XtS8G99k8e6my4IIFqXUJ59lDFCnhUGlZX8My/dOtrE:XAH99kRX1YQBDFCnDXdWYtrE
                                  MD5:847A4212B99B9076EE39328B24CD30AF
                                  SHA1:73F15078CF1D396485F644A79B6E25EF0637685D
                                  SHA-256:29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
                                  SHA-512:9AF77E9ED8BD9A39A47F36AAC2D01B5AF5D56C04CD933427DF95CC80904D7EE7AC3F7F9443D8AEF236CC84FB4DC4CC335AF0BF8F9BC0C13D720187096D149220
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141305
                                  Category:downloaded
                                  Size (bytes):49609
                                  Entropy (8bit):7.995218009591201
                                  Encrypted:true
                                  SSDEEP:1536:XOwJxyZ3lVRv3jp+x5kTIGAdiGVSC7BAXjTzBTpb4J:ZJxyZ3l/3jTAdiCSGITzB1b4
                                  MD5:39D9433B35E581765AD76E19ECED2394
                                  SHA1:9A7D10B60067EF8B4F91519428B2D0A934A45966
                                  SHA-256:9834FA7CFC5ABB48CE82A9A57027CDD5F9958B21B3048D6E497D87B414E0A55C
                                  SHA-512:E2E6EA6F2D24BAE2193D3F011C67534EE0EB1F3BE57540E1F69EEAD4CEFD2968F3B3294F789A222299F6882B3A37939966946344D9463DB5CCB5C7FD09EC9FC5
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                  Category:downloaded
                                  Size (bytes):621
                                  Entropy (8bit):7.673946009263606
                                  Encrypted:false
                                  SSDEEP:12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
                                  MD5:4761405717E938D7E7400BB15715DB1E
                                  SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                  SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                  SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378
                                  Category:downloaded
                                  Size (bytes):628
                                  Entropy (8bit):7.6610853322771
                                  Encrypted:false
                                  SSDEEP:12:X6/EjXb5e1vpPDySPLiDB/3YLZzrlDuLRndk6l3WZi1epo7IyhadSH8Ib1yfuI:X6cP5e3dgYLMk69Ii1epryt/Md
                                  MD5:6F68E9881DF18F8E251AB57D5786239B
                                  SHA1:C0F7A01A288752833390FC330995F25488BCE8EC
                                  SHA-256:B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845
                                  SHA-512:B33DFF67480DF940FA0565B231E02F26840DCB5135A4A2FF3C310AA062D3D4B456FA9C8C6E2BC59EC76B515EA1B36D574A5701771BCEE7CEE97B99EF60A803C6
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378
                                  Category:dropped
                                  Size (bytes):628
                                  Entropy (8bit):7.6610853322771
                                  Encrypted:false
                                  SSDEEP:12:X6/EjXb5e1vpPDySPLiDB/3YLZzrlDuLRndk6l3WZi1epo7IyhadSH8Ib1yfuI:X6cP5e3dgYLMk69Ii1epryt/Md
                                  MD5:6F68E9881DF18F8E251AB57D5786239B
                                  SHA1:C0F7A01A288752833390FC330995F25488BCE8EC
                                  SHA-256:B33E30351B2F4EF67D53D2C6DBE189A4D572425037E4F1264A0190DC4A820845
                                  SHA-512:B33DFF67480DF940FA0565B231E02F26840DCB5135A4A2FF3C310AA062D3D4B456FA9C8C6E2BC59EC76B515EA1B36D574A5701771BCEE7CEE97B99EF60A803C6
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55037
                                  Category:downloaded
                                  Size (bytes):15776
                                  Entropy (8bit):7.985965830535592
                                  Encrypted:false
                                  SSDEEP:384:UwXl87i4naaFtPESJ2DWOq1IcQS0SL7EOONbPHG:UwXW7i4naTSOAszOGb/G
                                  MD5:098D00E9154C1A4848DA016205C19CE9
                                  SHA1:E25940FD37302594D14B1884D70F75261059F26D
                                  SHA-256:2BF70F1B03D3739907578441359DD07F2BE363C0AA052895C6C163D176F41393
                                  SHA-512:43536DD060C282950C183F582D2D734088B7D551B4B3E6BF1DE4A826D3EA442CAB271FC2041520397E01FCCC45FBDFA09259CE075AC7BFB09764823F23EB0D2A
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379
                                  Category:downloaded
                                  Size (bytes):254
                                  Entropy (8bit):7.066074991728423
                                  Encrypted:false
                                  SSDEEP:6:XtS8G99k8e6my4IIFqXUJ59lDFCnhUGlZX8My/dOtrE:XAH99kRX1YQBDFCnDXdWYtrE
                                  MD5:847A4212B99B9076EE39328B24CD30AF
                                  SHA1:73F15078CF1D396485F644A79B6E25EF0637685D
                                  SHA-256:29DC0C26C372805325EB7EB926769E832A60B47BEF96A66436EC3EC05CD6128E
                                  SHA-512:9AF77E9ED8BD9A39A47F36AAC2D01B5AF5D56C04CD933427DF95CC80904D7EE7AC3F7F9443D8AEF236CC84FB4DC4CC335AF0BF8F9BC0C13D720187096D149220
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                  Category:dropped
                                  Size (bytes):621
                                  Entropy (8bit):7.673946009263606
                                  Encrypted:false
                                  SSDEEP:12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
                                  MD5:4761405717E938D7E7400BB15715DB1E
                                  SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                  SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                  SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):9880
                                  Entropy (8bit):7.9703418750675645
                                  Encrypted:false
                                  SSDEEP:192:f5bn/i4oMAo8g2AXZMk38c7qdes92y1z7O9oA11K2E7CjryRnpvxZ1:f5bn/DovgXXZl38c7cec2y8mA11dSC/+
                                  MD5:44B6E06CF4FEBFF52FA548B1DCC9AE71
                                  SHA1:DB69A19721EBB92E7EBE6C84570ECB8E5BFA9360
                                  SHA-256:173815291B16A684FF0EE1997283BB4F45CD2561DA609CF0E828E5D3DE759E20
                                  SHA-512:8946ED4E707C11F73DF1C4CC44001A7DE061D7709F3DB99A750857C8E3F5340A1997079AAC42CF7B37DEBEFB867ECAF36B375F219A34D947BE7FB3D0485579C1
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:GIF image data, version 89a, 352 x 3
                                  Category:dropped
                                  Size (bytes):3620
                                  Entropy (8bit):6.867828878374734
                                  Encrypted:false
                                  SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                  MD5:B540A8E518037192E32C4FE58BF2DBAB
                                  SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                  SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                  SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657
                                  Category:downloaded
                                  Size (bytes):35807
                                  Entropy (8bit):7.994448207898337
                                  Encrypted:true
                                  SSDEEP:768:GeGIpaEdiOh6SlRpX1j6M+m6TRvY9YIiLcIA4WHioUx5vib:hGIp0ARDj686lg9OkHcxs
                                  MD5:FCF71472EFC9E614B10DFD499805F729
                                  SHA1:CF1FA991F9F08068F8F5F4D188D741BF5C2B7722
                                  SHA-256:23FF9B1A108B620EB12123003F37200042B120F3A554D3772B55F6366BDD4652
                                  SHA-512:B01F793C888C512F4BD1252EBA17A30C16BE3EC5E5A48BBBDD8F724EDCAEB2FD810439050A3097C27DAFDD1DE9235B39B7CF45D5341CC43A942F3F529891F379
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                  Category:downloaded
                                  Size (bytes):17174
                                  Entropy (8bit):2.9129715116732746
                                  Encrypted:false
                                  SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                  MD5:12E3DAC858061D088023B2BD48E2FA96
                                  SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                  SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                  SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759
                                  Category:downloaded
                                  Size (bytes):54318
                                  Entropy (8bit):7.995006031600911
                                  Encrypted:true
                                  SSDEEP:1536:GPYhFQ0hY97NgEQMoCG/D6oAPSZGh7Xifaz8TAiQzsr:Gn37ih787GA8Ei+sr
                                  MD5:3F98A175D5232F665BEFFC23352D7176
                                  SHA1:8413FCCF22CEBAAED144736F5415F09EFD45CE48
                                  SHA-256:C6D80B97A3828280862163C72A94F5902F10D927FA1F6BDEAB5479B94F04F5AC
                                  SHA-512:93D0C9BBB7B204AE18A2392F137DC02B71A9E5352EC24267C2CEBAE5C286EEB68BCABF73F3F4B6DA1DF1D49E3998F6190D843144CD1ACDD5B4AA707CDF7CC24D
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                  Category:downloaded
                                  Size (bytes):673
                                  Entropy (8bit):7.6596900876595075
                                  Encrypted:false
                                  SSDEEP:12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
                                  MD5:0E176276362B94279A4492511BFCBD98
                                  SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                  SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                  SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:GIF image data, version 89a, 352 x 3
                                  Category:dropped
                                  Size (bytes):2672
                                  Entropy (8bit):6.640973516071413
                                  Encrypted:false
                                  SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                  MD5:166DE53471265253AB3A456DEFE6DA23
                                  SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                  SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                  SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with no line terminators
                                  Category:downloaded
                                  Size (bytes):36
                                  Entropy (8bit):4.503258334775644
                                  Encrypted:false
                                  SSDEEP:3:Eq62iczBr9ks:EqdiczBys
                                  MD5:06B313E93DD76909460FBFC0CD98CB6B
                                  SHA1:C4F9B2BBD840A4328F85F54873C434336A193888
                                  SHA-256:B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
                                  SHA-512:EFD7E8195D9C126883C71FED3EFEDE55916848B784F8434ED2677DF5004436F7EDE9F80277CB4675C4DEB8F243B2705A3806B412FAA8842E039E9DC467C11645
                                  Malicious:false
                                  Reputation:low
                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto
                                  Preview:ChgKDQ3RW1FSGgQIVhgCIAEKBw1Xevf9GgA=
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 444357
                                  Category:downloaded
                                  Size (bytes):121259
                                  Entropy (8bit):7.997406222796355
                                  Encrypted:true
                                  SSDEEP:1536:YfwluSACBAwNjnVCN2xrnCBjWmIYnJFFiNnybf8DkmN2jTl2Lx2OBQmBcy5wIorC:w/S7ht4ONJJ2jZqxdmy/GzYr
                                  MD5:5B2E3B2B1A706C0101B503B72F0A9B6F
                                  SHA1:4611FB4775572B46A5A14A6B12A52B558831A18D
                                  SHA-256:D40DCDEAA08322A4EB75A7C4B2CD80675D5A75D4542A98B4C3E4992A810E9778
                                  SHA-512:73A01455BC664165BEF6B89916FD9EA013C276DB8A5F0309D07E6BC8C4AAFCFB5F17177BA846676D04AACB18060FE9375C4C2FA13F9B0A704A2458E5C5ED74C5
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 4730
                                  Category:downloaded
                                  Size (bytes):1663
                                  Entropy (8bit):7.885618370455321
                                  Encrypted:false
                                  SSDEEP:24:XndDDa31rxQxPmrqVVDZ6Ug5CEO25X6kRcalJYCIE88hUauWrfUBdw4Bmgx0HliC:XdDAre3Vd6UgBHJtRvYihUtBd1hUV
                                  MD5:921569786EBE648793E6BC01848CBF9A
                                  SHA1:4CE5A811E7BA990F34E607669919E5634E996BB1
                                  SHA-256:BD7A3F40B3821D20AEC3566B4EA6CD3DD82687456CC445B5423F4671CEC273BD
                                  SHA-512:97EC2AFA0B65DB3B397FB6FB74E900D763ECAB6FBE658510AA09F3AC08821C24E51CEF77BCDF417E440F67954C88E37679F851D25E4DCD1C67C7BE998584CE08
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_f7fbb7540d7be2ae771b.js
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:GIF image data, version 89a, 352 x 3
                                  Category:downloaded
                                  Size (bytes):2672
                                  Entropy (8bit):6.640973516071413
                                  Encrypted:false
                                  SSDEEP:48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
                                  MD5:166DE53471265253AB3A456DEFE6DA23
                                  SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                  SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                  SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                  Category:dropped
                                  Size (bytes):673
                                  Entropy (8bit):7.6596900876595075
                                  Encrypted:false
                                  SSDEEP:12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
                                  MD5:0E176276362B94279A4492511BFCBD98
                                  SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                  SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                  SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:GIF image data, version 89a, 352 x 3
                                  Category:downloaded
                                  Size (bytes):3620
                                  Entropy (8bit):6.867828878374734
                                  Encrypted:false
                                  SSDEEP:48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
                                  MD5:B540A8E518037192E32C4FE58BF2DBAB
                                  SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                  SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                  SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                  Category:dropped
                                  Size (bytes):17174
                                  Entropy (8bit):2.9129715116732746
                                  Encrypted:false
                                  SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                  MD5:12E3DAC858061D088023B2BD48E2FA96
                                  SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                  SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                  SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084
                                  Category:downloaded
                                  Size (bytes):20314
                                  Entropy (8bit):7.979540464295058
                                  Encrypted:false
                                  SSDEEP:384:ekqQ8rNFEhCgMyL2iww6oIR8mWG+Pu9Z5IM6mxqrghTvUty7T9Q:9CGEiL/w7R8DW9Z5B6AasTv37T9Q
                                  MD5:92A840DC3D177339DAE03FEDF22A22B5
                                  SHA1:C1C9A6E6442388D07A9D9D72C12DA25094D6920F
                                  SHA-256:4A986BA8875F22A0EABC356112A6790F90E114ADB72EAEC4632E03812EC1EDE4
                                  SHA-512:98C705395DD249501D8069A03E0068BC9CCF4F2D139BEC63A00564C69CD21C05CB25CF56BA7B40822963737989D5048AD310E20D6022E84346C982CFCEF79E11
                                  Malicious:false
                                  Reputation:low
                                  URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
                                  No static file info
                                  Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                  Apr 26, 2024 15:14:19.906229973 CEST49733443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:19.906254053 CEST4434973313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:19.906271935 CEST49733443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:19.906292915 CEST49733443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:20.032354116 CEST4434973313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:20.032398939 CEST4434973313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:20.032442093 CEST4434973313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:20.032496929 CEST49733443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:20.032526970 CEST4434973313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:20.032550097 CEST4434973313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:20.032555103 CEST49733443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:20.032589912 CEST49733443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:21.431919098 CEST49733443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:21.431955099 CEST4434973313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:21.769460917 CEST49722443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:14:21.769494057 CEST44349722192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:14:23.629300117 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.629344940 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:23.629422903 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.630033970 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.630050898 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:23.635024071 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.635030985 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.635046959 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:23.635066032 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:23.635140896 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.635173082 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.637985945 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.638001919 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:23.639254093 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:23.639270067 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:24.014903069 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:24.025218964 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:24.067451954 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:24.067584991 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:24.238282919 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:24.363414049 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.582875013 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.582904100 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.586759090 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.586795092 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.586848974 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.667124987 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.834003925 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.834098101 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.834618092 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.834880114 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.834903955 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.835376024 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.836349010 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.836683035 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.838457108 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.838565111 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.839118958 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.839180946 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.840090990 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.840111971 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.841110945 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.841152906 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:25.888124943 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:25.888139963 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.031251907 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.094975948 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095000982 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095012903 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095031977 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095041990 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095050097 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095069885 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.095084906 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095096111 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.095109940 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095119953 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095125914 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.095133066 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095154047 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.095175028 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.095179081 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095201015 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.095237970 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.097610950 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.097632885 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.097640991 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.097671986 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.097692013 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.097703934 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.097711086 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.097723961 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.097749949 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.097767115 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.097835064 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.097950935 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.101502895 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.101535082 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.101572037 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.101581097 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.101608992 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.101653099 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.101686001 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.101730108 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.101932049 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.101948977 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.102005005 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.102025032 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.102047920 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.102113008 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.180202961 CEST49737443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.180227995 CEST4434973713.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.185358047 CEST49738443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.185389042 CEST4434973813.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.236937046 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.236965895 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.237051010 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.237107992 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.237149000 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.237236977 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.237293005 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.237306118 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.237344027 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.237356901 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.237382889 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.237544060 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.237701893 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.237716913 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.237780094 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.237792969 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.237881899 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.362749100 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.362775087 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.362826109 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.362874031 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.362906933 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.363034010 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.365403891 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.365421057 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.365487099 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.365500927 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.365638971 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.365716934 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.365775108 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.365784883 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.365808964 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.365865946 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.373024940 CEST49739443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.373054981 CEST4434973913.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.533046007 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.533118010 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.533217907 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.533444881 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.533477068 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.534225941 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.534275055 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.534337997 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.536345005 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.536361933 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.921087027 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.921341896 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.923584938 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.923646927 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.923685074 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.923707008 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.924838066 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.924863100 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.924926996 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.924957037 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.925380945 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.925472975 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.925771952 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.925839901 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.925980091 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.925996065 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:26.926048994 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:26.926055908 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.056467056 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.071741104 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.315669060 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315690994 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315696955 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315725088 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315742970 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315751076 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315793037 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.315855980 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315881968 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315886021 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315910101 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.315911055 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.315946102 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.315946102 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315989971 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.315998077 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.316009045 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.316025019 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.316050053 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.316067934 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.316088915 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.316132069 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.316133022 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.316148996 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.316173077 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.316180944 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.316191912 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.316953897 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.316973925 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.316991091 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.317007065 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.317013979 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.317039013 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.317045927 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.317065001 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.317092896 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.317097902 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.317117929 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.321021080 CEST49742443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.321055889 CEST4434974213.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.463504076 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.480576038 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.480614901 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.480690956 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.481671095 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.481689930 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.862052917 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.871298075 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.871315002 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.872505903 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.872565985 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.873193979 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.873260021 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:27.873591900 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:27.873598099 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.070894003 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.130875111 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.130887985 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.130918980 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.130935907 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.130949974 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.130963087 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.130985022 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.131005049 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.131040096 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.277318954 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.277347088 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.277354002 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.277369976 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.277376890 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.277383089 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.277441978 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.277467966 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.277477980 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.277489901 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.277513027 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.277518988 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.278038025 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.279388905 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.279398918 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.279432058 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.279433012 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.279457092 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:28.279464960 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:28.282423973 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:30.531951904 CEST49743443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:30.531994104 CEST4434974313.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:30.538209915 CEST49744443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:30.538218975 CEST4434974413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:30.549799919 CEST49745443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:14:30.549843073 CEST4434974520.25.241.18192.168.2.6
                                  Apr 26, 2024 15:14:30.549904108 CEST49745443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:14:30.550745964 CEST49745443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:14:30.550761938 CEST4434974520.25.241.18192.168.2.6
                                  Apr 26, 2024 15:14:31.029414892 CEST4434974520.25.241.18192.168.2.6
                                  Apr 26, 2024 15:14:31.029520988 CEST49745443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:14:52.977854967 CEST4434976013.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:52.977938890 CEST49764443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:52.978373051 CEST49765443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:52.978458881 CEST4434976513.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:52.978758097 CEST49760443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:52.978838921 CEST49765443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:52.978852987 CEST4434976513.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.020155907 CEST4434976413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.024126053 CEST4434976013.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.026887894 CEST804972013.107.136.10192.168.2.6
                                  Apr 26, 2024 15:14:53.032339096 CEST49765443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.104000092 CEST4434976413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.104028940 CEST4434976413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.104094028 CEST49764443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.104096889 CEST4434976413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.104137897 CEST49764443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.108181953 CEST49764443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.108201027 CEST4434976413.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.118541002 CEST4434976013.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.118633986 CEST4434976013.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.118715048 CEST49760443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.139285088 CEST49760443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.139302015 CEST4434976013.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.352521896 CEST4434976513.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.400125980 CEST49765443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.400168896 CEST4434976513.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.431488037 CEST4971880192.168.2.613.107.136.10
                                  Apr 26, 2024 15:14:53.447099924 CEST49765443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.555932045 CEST804971813.107.136.10192.168.2.6
                                  Apr 26, 2024 15:14:53.746951103 CEST49765443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:14:53.747062922 CEST4434976513.107.213.41192.168.2.6
                                  Apr 26, 2024 15:14:53.747116089 CEST49765443192.168.2.613.107.213.41
                                  Apr 26, 2024 15:15:08.904489994 CEST4971980192.168.2.613.107.136.10
                                  Apr 26, 2024 15:15:08.904591084 CEST4972080192.168.2.613.107.136.10
                                  Apr 26, 2024 15:15:08.905148983 CEST49768443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:15:08.905181885 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:08.905246019 CEST49768443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:15:08.905613899 CEST49768443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:15:08.905625105 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:08.955466032 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:08.955555916 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:08.955630064 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:08.958065033 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:08.958115101 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:09.030003071 CEST804971913.107.136.10192.168.2.6
                                  Apr 26, 2024 15:15:09.030035019 CEST804971913.107.136.10192.168.2.6
                                  Apr 26, 2024 15:15:09.030052900 CEST804972013.107.136.10192.168.2.6
                                  Apr 26, 2024 15:15:09.036564112 CEST804972013.107.136.10192.168.2.6
                                  Apr 26, 2024 15:15:09.300496101 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:09.301420927 CEST49768443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:15:09.301443100 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:09.302319050 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:09.303014040 CEST49768443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:15:09.303153038 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:09.353141069 CEST49768443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:15:09.437521935 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:09.437611103 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:09.441752911 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:09.441785097 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:09.442147017 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:09.445245028 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:09.445452929 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:09.445466042 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:09.445883989 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:09.492125034 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:09.603863955 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:09.604083061 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:09.604161978 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:09.604279995 CEST49769443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:09.604312897 CEST4434976920.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:18.466419935 CEST804971813.107.136.10192.168.2.6
                                  Apr 26, 2024 15:15:19.290218115 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:19.290343046 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:19.290422916 CEST49768443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:15:20.097203970 CEST49768443192.168.2.6192.178.50.68
                                  Apr 26, 2024 15:15:20.097235918 CEST44349768192.178.50.68192.168.2.6
                                  Apr 26, 2024 15:15:27.922861099 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:27.922904968 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:27.923055887 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:27.923661947 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:27.923676968 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:28.401335001 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:28.401447058 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:28.406179905 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:28.406193018 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:28.406438112 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:28.408451080 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:28.408524990 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:28.408531904 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:28.408710957 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:28.456113100 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:28.564918995 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:28.565021038 CEST4434977120.25.241.18192.168.2.6
                                  Apr 26, 2024 15:15:28.565088034 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:28.565491915 CEST49771443192.168.2.620.25.241.18
                                  Apr 26, 2024 15:15:28.565511942 CEST4434977120.25.241.18192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Apr 26, 2024 15:14:30.146159887 CEST | 192.168.2.6 | 1.1.1.1 | c223 | (Port unreachable) | Destination Unreachable |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 15:14:07.365410089 CEST | 192.168.2.6 | 1.1.1.1 | 0x4c91 | Standard query (0) | westernstainless.sharepoint.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.371469021 CEST | 192.168.2.6 | 1.1.1.1 | 0x5e5f | Standard query (0) | westernstainless.sharepoint.com | 65 | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.445956945 CEST | 192.168.2.6 | 1.1.1.1 | 0x6e78 | Standard query (0) | westernstainless.sharepoint.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.446470976 CEST | 192.168.2.6 | 1.1.1.1 | 0xd0c5 | Standard query (0) | westernstainless.sharepoint.com | 65 | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.853048086 CEST | 192.168.2.6 | 1.1.1.1 | 0x5933 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.857374907 CEST | 192.168.2.6 | 1.1.1.1 | 0xfdbb | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Apr 26, 2024 15:14:17.134634018 CEST | 192.168.2.6 | 1.1.1.1 | 0x27b7 | Standard query (0) | login.microsoftonline.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:17.135091066 CEST | 192.168.2.6 | 1.1.1.1 | 0x61db | Standard query (0) | login.microsoftonline.com | 65 | IN (0x0001) | false |
| Apr 26, 2024 15:14:22.677376032 CEST | 192.168.2.6 | 1.1.1.1 | 0xbe36 | Standard query (0) | identity.nel.measure.office.net | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:22.677987099 CEST | 192.168.2.6 | 1.1.1.1 | 0x80e0 | Standard query (0) | identity.nel.measure.office.net | 65 | IN (0x0001) | false |
| Apr 26, 2024 15:14:23.617120981 CEST | 192.168.2.6 | 1.1.1.1 | 0x7924 | Standard query (0) | aadcdn.msftauth.net | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:23.617352962 CEST | 192.168.2.6 | 1.1.1.1 | 0x5d70 | Standard query (0) | aadcdn.msftauth.net | 65 | IN (0x0001) | false |
| Apr 26, 2024 15:14:31.049041986 CEST | 192.168.2.6 | 1.1.1.1 | 0x94cd | Standard query (0) | aadcdn.msauthimages.net | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:31.049349070 CEST | 192.168.2.6 | 1.1.1.1 | 0x1111 | Standard query (0) | aadcdn.msauthimages.net | 65 | IN (0x0001) | false |
| Apr 26, 2024 15:14:34.792143106 CEST | 192.168.2.6 | 1.1.1.1 | 0x237b | Standard query (0) | aadcdn.msauthimages.net | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:34.792577028 CEST | 192.168.2.6 | 1.1.1.1 | 0x3cab | Standard query (0) | aadcdn.msauthimages.net | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 15:14:07.622673035 CEST | 1.1.1.1 | 192.168.2.6 | 0x4c91 | No error (0) | westernstainless.sharepoint.com | 2813-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.622673035 CEST | 1.1.1.1 | 192.168.2.6 | 0x4c91 | No error (0) | 2813-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com | 195568-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.622673035 CEST | 1.1.1.1 | 192.168.2.6 | 0x4c91 | No error (0) | 195568-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com | 195568-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.622673035 CEST | 1.1.1.1 | 192.168.2.6 | 0x4c91 | No error (0) | 195568-ipv4v6.farm.dprodmgd106.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net | dual-spo-0005.spo-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.622673035 CEST | 1.1.1.1 | 192.168.2.6 | 0x4c91 | No error (0) | dual-spo-0005.spo-msedge.net | | 13.107.136.10 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.622673035 CEST | 1.1.1.1 | 192.168.2.6 | 0x4c91 | No error (0) | dual-spo-0005.spo-msedge.net | | 13.107.138.10 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.658513069 CEST | 1.1.1.1 | 192.168.2.6 | 0x5e5f | No error (0) | westernstainless.sharepoint.com | 2813-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.658513069 CEST | 1.1.1.1 | 192.168.2.6 | 0x5e5f | No error (0) | 2813-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com | 195568-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:07.658513069 CEST | 1.1.1.1 | 192.168.2.6 | 0x5e5f | No error (0) | 195568-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com | 195568-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.710354090 CEST | 1.1.1.1 | 192.168.2.6 | 0xd0c5 | No error (0) | westernstainless.sharepoint.com | 2813-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.710354090 CEST | 1.1.1.1 | 192.168.2.6 | 0xd0c5 | No error (0) | 2813-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com | 195568-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.710354090 CEST | 1.1.1.1 | 192.168.2.6 | 0xd0c5 | No error (0) | 195568-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com | 195568-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.768779993 CEST | 1.1.1.1 | 192.168.2.6 | 0x6e78 | No error (0) | westernstainless.sharepoint.com | 2813-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.768779993 CEST | 1.1.1.1 | 192.168.2.6 | 0x6e78 | No error (0) | 2813-ipv4v6e.clump.dprodmgd106.aa-rt.sharepoint.com | 195568-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.768779993 CEST | 1.1.1.1 | 192.168.2.6 | 0x6e78 | No error (0) | 195568-ipv4v6e.farm.dprodmgd106.aa-rt.sharepoint.com | 195568-ipv4v6w.farm.dprodmgd106.sharepointonline.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.768779993 CEST | 1.1.1.1 | 192.168.2.6 | 0x6e78 | No error (0) | 195568-ipv4v6.farm.dprodmgd106.aa-rt.sharepoint.com.dual-spo-0005.spo-msedge.net | dual-spo-0005.spo-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.768779993 CEST | 1.1.1.1 | 192.168.2.6 | 0x6e78 | No error (0) | dual-spo-0005.spo-msedge.net | | 13.107.136.10 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.768779993 CEST | 1.1.1.1 | 192.168.2.6 | 0x6e78 | No error (0) | dual-spo-0005.spo-msedge.net | | 13.107.138.10 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.978256941 CEST | 1.1.1.1 | 192.168.2.6 | 0x5933 | No error (0) | www.google.com | | 192.178.50.68 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:08.983031034 CEST | 1.1.1.1 | 192.168.2.6 | 0xfdbb | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Apr 26, 2024 15:14:17.262278080 CEST | 1.1.1.1 | 192.168.2.6 | 0x61db | No error (0) | login.microsoftonline.com | login.mso.msidentity.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:17.262303114 CEST | 1.1.1.1 | 192.168.2.6 | 0x27b7 | No error (0) | login.microsoftonline.com | login.mso.msidentity.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:17.550060034 CEST | 1.1.1.1 | 192.168.2.6 | 0x1487 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:17.550060034 CEST | 1.1.1.1 | 192.168.2.6 | 0x1487 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:18.261584997 CEST | 1.1.1.1 | 192.168.2.6 | 0x8539 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:18.261584997 CEST | 1.1.1.1 | 192.168.2.6 | 0x8539 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:19.119023085 CEST | 1.1.1.1 | 192.168.2.6 | 0xc4b | No error (0) | shed.dual-low.part-0013.t-0009.t-msedge.net | part-0013.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:19.119023085 CEST | 1.1.1.1 | 192.168.2.6 | 0xc4b | No error (0) | part-0013.t-0009.t-msedge.net | | 13.107.213.41 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:19.119023085 CEST | 1.1.1.1 | 192.168.2.6 | 0xc4b | No error (0) | part-0013.t-0009.t-msedge.net | | 13.107.246.41 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:22.803479910 CEST | 1.1.1.1 | 192.168.2.6 | 0xbe36 | No error (0) | identity.nel.measure.office.net | nel.measure.office.net.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:22.803502083 CEST | 1.1.1.1 | 192.168.2.6 | 0x80e0 | No error (0) | identity.nel.measure.office.net | nel.measure.office.net.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:23.742146969 CEST | 1.1.1.1 | 192.168.2.6 | 0x5d70 | No error (0) | aadcdn.msftauth.net | cs1100.wpc.omegacdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:23.742259979 CEST | 1.1.1.1 | 192.168.2.6 | 0x7924 | No error (0) | aadcdn.msftauth.net | cs1100.wpc.omegacdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:23.742259979 CEST | 1.1.1.1 | 192.168.2.6 | 0x7924 | No error (0) | cs1100.wpc.omegacdn.net | | 152.199.4.44 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:27.478702068 CEST | 1.1.1.1 | 192.168.2.6 | 0xc05e | No error (0) | shed.dual-low.part-0013.t-0009.t-msedge.net | part-0013.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:27.478702068 CEST | 1.1.1.1 | 192.168.2.6 | 0xc05e | No error (0) | part-0013.t-0009.t-msedge.net | | 13.107.213.41 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:27.478702068 CEST | 1.1.1.1 | 192.168.2.6 | 0xc05e | No error (0) | part-0013.t-0009.t-msedge.net | | 13.107.246.41 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:31.174173117 CEST | 1.1.1.1 | 192.168.2.6 | 0x94cd | No error (0) | aadcdn.msauthimages.net | aadcdn.azureedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:31.174173117 CEST | 1.1.1.1 | 192.168.2.6 | 0x94cd | No error (0) | scdn3514c.wpc.9e730.upsiloncdn.net | sni1gl.wpc.upsiloncdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:31.174173117 CEST | 1.1.1.1 | 192.168.2.6 | 0x94cd | No error (0) | sni1gl.wpc.upsiloncdn.net | | 152.195.19.97 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:31.174570084 CEST | 1.1.1.1 | 192.168.2.6 | 0x1111 | No error (0) | aadcdn.msauthimages.net | aadcdn.azureedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:31.174570084 CEST | 1.1.1.1 | 192.168.2.6 | 0x1111 | No error (0) | scdn3514c.wpc.9e730.upsiloncdn.net | sni1gl.wpc.upsiloncdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:34.917519093 CEST | 1.1.1.1 | 192.168.2.6 | 0x3cab | No error (0) | aadcdn.msauthimages.net | aadcdn.azureedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:34.917519093 CEST | 1.1.1.1 | 192.168.2.6 | 0x3cab | No error (0) | scdn3514c.wpc.9e730.upsiloncdn.net | sni1gl.wpc.upsiloncdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:34.918119907 CEST | 1.1.1.1 | 192.168.2.6 | 0x237b | No error (0) | aadcdn.msauthimages.net | aadcdn.azureedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:34.918119907 CEST | 1.1.1.1 | 192.168.2.6 | 0x237b | No error (0) | scdn3514c.wpc.9e730.upsiloncdn.net | sni1gl.wpc.upsiloncdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 26, 2024 15:14:34.918119907 CEST | 1.1.1.1 | 192.168.2.6 | 0x237b | No error (0) | sni1gl.wpc.upsiloncdn.net | | 152.195.19.97 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:45.529345989 CEST | 1.1.1.1 | 192.168.2.6 | 0x3147 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 15:14:45.529345989 CEST | 1.1.1.1 | 192.168.2.6 | 0x3147 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
                                  • westernstainless.sharepoint.com
                                  • fs.microsoft.com
                                  • https:
                                    • aadcdn.msauth.net
                                    • aadcdn.msauthimages.net
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49718 | 13.107.136.10 | 80 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 15:14:07.807477951 CEST | 446 | OUT | GET / HTTP/1.1
                                  Host: westernstainless.sharepoint.com
                                  Connection: keep-alive
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Accept-Encoding: gzip, deflate
                                  Accept-Language: en-US,en;q=0.9
Apr 26, 2024 15:14:08.426891088 CEST | 1289 | IN | HTTP/1.1 301 Moved Permanently
                                  Location: https://westernstainless.sharepoint.com/
                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                  X-NetworkStatistics: 0,23040,0,0,3,0,14400
                                  X-DataBoundary: NONE
                                  X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
                                  X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
                                  SPRequestGuid: 78cb22a1-509e-3000-3169-8bc0fc891520
                                  request-id: 78cb22a1-509e-3000-3169-8bc0fc891520
                                  MS-CV: oSLLeJ5QADAxaYvA/IkVIA.0
                                  Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-MIA30r5a&frontEnd=AFD&RemoteIP=102.129.152.0"}]}
                                  NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
                                  X-FRAME-OPTIONS: SAMEORIGIN
                                  Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.office365.com *.powerapps.com *.yammer.com engage.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.li
Apr 26, 2024 15:14:08.426917076 CEST | 430 | IN
Data Ascii:
e.com *.onedrive.live.com securebroker.sharepointonline.com;
SPRequestDuration: 23
SPIisLatency: 0
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 16.0.0.24810
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-
Apr 26, 2024 15:14:53.431488037 CEST | 6 | OUT | Data Raw: 00


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.6 | 49719 | 13.107.136.10 | 80 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data
Apr 26, 2024 15:14:52.813575983 CEST | 6 | OUT | Data Raw: 00


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  2 | 192.168.2.6 | 49720 | 13.107.136.10 | 80 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Apr 26, 2024 15:14:52.892179012 CEST | 6 | OUT | Data Raw: 00
                                  Data Ascii:


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                  0 | 192.168.2.6 | 49710 | 20.25.241.18 | 443
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:05 UTC | 71 | OUT
                                  Data Ascii: CNT 1 CON 305
                                  MS-CV: widbk4avpkWICSHq.1
                                  Context: 55c01bc480be2015
                                  2024-04-26 13:14:05 UTC | 249 | OUT
                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                  2024-04-26 13:14:05 UTC | 1076 | OUT
                                  Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: widbk4avpkWICSHq.2Context: 55c01bc480be2015<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATo20xNbLN4J+etQBR5xI7dz1jWtkC0VwKUXwhDXAKOBQ650pS8jX5sucntqlN+mt5Pzw9V8UaBRt+OG2+J1Vek4BPF3fgVLhxqVDxh5otO5O3
                                  2024-04-26 13:14:05 UTC | 218 | OUT
                                  Data Ascii: BND 3 CON\WNS 0 197
                                  MS-CV: widbk4avpkWICSHq.3
                                  Context: 55c01bc480be2015

                                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                  2024-04-26 13:14:05 UTC | 14 | IN
                                  Data Ascii: 202 1 CON 58
                                  2024-04-26 13:14:05 UTC | 58 | IN
                                  Data Ascii: MS-CV: fMmNZzGOL02csMUFW9bIsg.0

                                  Payload parsing failed.


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.6 | 49721 | 13.107.136.10 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:09 UTC | 674 | OUT | GET / HTTP/1.1
                                  Host: westernstainless.sharepoint.com
                                  Connection: keep-alive
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:10 UTC | 1884 | IN | HTTP/1.1 302 Found
                                  Content-Length: 197
                                  Content-Type: text/html; charset=utf-8
                                  Location: https://westernstainless.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2F
                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                  X-NetworkStatistics: 0,525568,0,0,629,0,24211
                                  X-SharePointHealthScore: 3
                                  X-DataBoundary: NONE
                                  X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
                                  X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
                                  SPRequestGuid: 79cb22a1-f011-3000-3900-a0a2df58dd5b
                                  request-id: 79cb22a1-f011-3000-3900-a0a2df58dd5b
                                  MS-CV: oSLLeRHwADA5AKCi31jdWw.0
                                  Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-MIA30r5b&frontEnd=AFD&RemoteIP=102.129.152.0"}]}
                                  NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
                                  Strict-Transport-Security: max-age=31536000
                                  X-FRAME-OPTIONS: SAMEORIGIN
                                  Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.office365.com *.powerapps.com *.yammer.com engage.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;
                                  SPRequestDuration: 27
                                  SPIisLatency: 0
                                  X-Powered-By: ASP.NET
                                  MicrosoftSharePointTeamServices: 16.0.0.24810
                                  X-Content-Type-Options: nosniff
                                  X-MS-InvokeApp: 1; RequireReadOnly
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: 68970B22AAD54898B581ABE8F041410A Ref B: MIA301000104051 Ref C: 2024-04-26T13:14:09Z
                                  Date: Fri, 26 Apr 2024 13:14:09 GMT
                                  Connection: close
                                  2024-04-26 13:14:10 UTC | 197 | IN
                                  Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://westernstainless.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2F">here</a>.</h2></body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  2 | 192.168.2.6 | 49723 | 13.107.136.10 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:14 UTC | 714 | OUT | GET /_layouts/15/Authenticate.aspx?Source=%2F HTTP/1.1
                                  Host: westernstainless.sharepoint.com
                                  Connection: keep-alive
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:15 UTC | 1647 | IN | HTTP/1.1 302 Found
                                  Cache-Control: private
                                  Content-Length: 219
                                  Content-Type: text/html; charset=utf-8
                                  Location: /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=cookie
                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                  Set-Cookie: RpsContextCookie=U291cmNlPSUyRg==; expires=Fri, 26-Apr-2024 13:24:15 GMT; path=/; SameSite=None; Partitioned; secure; HttpOnly
                                  X-NetworkStatistics: 0,525568,0,0,628,0,24211
                                  X-SharePointHealthScore: 0
                                  X-AspNet-Version: 4.0.30319
                                  X-DataBoundary: NONE
                                  X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
                                  X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
                                  SPRequestGuid: 7acb22a1-1063-3000-3906-f6926cdbddfb
                                  request-id: 7acb22a1-1063-3000-3906-f6926cdbddfb
                                  MS-CV: oSLLemMQADA5BvaSbNvd+w.0
                                  Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-MIA30r5d&frontEnd=AFD&RemoteIP=102.129.152.0"}]}
                                  NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
                                  Strict-Transport-Security: max-age=31536000
                                  SPRequestDuration: 14
                                  SPIisLatency: 0
                                  X-Powered-By: ASP.NET
                                  MicrosoftSharePointTeamServices: 16.0.0.24810
                                  X-Content-Type-Options: nosniff
                                  X-MS-InvokeApp: 1; RequireReadOnly
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: B234DA16AB3A4E7BB649EC2A0517E208 Ref B: MIA301000108029 Ref C: 2024-04-26T13:14:14Z
                                  Date: Fri, 26 Apr 2024 13:14:15 GMT
                                  Connection: close
                                  2024-04-26 13:14:15 UTC | 219 | IN
                                  Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&amp;Source=cookie">here</a>.</h2></body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                  3 | 192.168.2.6 | 49724 | 20.25.241.18 | 443
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:14 UTC | 71 | OUT
                                  Data Ascii: CNT 1 CON 305
                                  MS-CV: ls5Bs1u7XUekJY6L.1
                                  Context: 9f1f78a5487dc028
                                  2024-04-26 13:14:14 UTC | 249 | OUT
                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                  2024-04-26 13:14:14 UTC | 1076 | OUT
                                  Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: ls5Bs1u7XUekJY6L.2Context: 9f1f78a5487dc028<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATo20xNbLN4J+etQBR5xI7dz1jWtkC0VwKUXwhDXAKOBQ650pS8jX5sucntqlN+mt5Pzw9V8UaBRt+OG2+J1Vek4BPF3fgVLhxqVDxh5otO5O3
                                  2024-04-26 13:14:14 UTC | 218 | OUT
                                  Data Ascii: BND 3 CON\WNS 0 197
                                  MS-CV: ls5Bs1u7XUekJY6L.3
                                  Context: 9f1f78a5487dc028

                                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                  2024-04-26 13:14:15 UTC | 14 | IN
                                  Data Ascii: 202 1 CON 58
                                  2024-04-26 13:14:15 UTC | 58 | IN
                                  Data Ascii: MS-CV: W3pwgXJdH0q+xtoJqE3YTA.0

                                  Payload parsing failed.


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  4 | 192.168.2.6 | 49725 | 23.204.76.112 | 443 | |
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:15 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                  Connection: Keep-Alive
                                  Accept: */*
                                  Accept-Encoding: identity
                                  User-Agent: Microsoft BITS/7.8
                                  Host: fs.microsoft.com
                                  2024-04-26 13:14:15 UTC | 466 | IN | HTTP/1.1 200 OK
                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                  Content-Type: application/octet-stream
                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                  Server: ECAcc (chd/0758)
                                  X-CID: 11
                                  X-Ms-ApiVersion: Distribute 1.2
                                  X-Ms-Region: prod-eus-z1
                                  Cache-Control: public, max-age=64170
                                  Date: Fri, 26 Apr 2024 13:14:15 GMT
                                  Connection: close
                                  X-CID: 2


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  5 | 192.168.2.6 | 49726 | 23.204.76.112 | 443 | |
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:15 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                  Connection: Keep-Alive
                                  Accept: */*
                                  Accept-Encoding: identity
                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                  Range: bytes=0-2147483646
                                  User-Agent: Microsoft BITS/7.8
                                  Host: fs.microsoft.com
                                  2024-04-26 13:14:15 UTC | 530 | IN | HTTP/1.1 200 OK
                                  Content-Type: application/octet-stream
                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                  ApiVersion: Distribute 1.1
                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                  X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                                  Cache-Control: public, max-age=64164
                                  Date: Fri, 26 Apr 2024 13:14:15 GMT
                                  Content-Length: 55
                                  Connection: close
                                  X-CID: 2
                                  2024-04-26 13:14:15 UTC | 55 | IN
                                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  6 | 192.168.2.6 | 49727 | 13.107.136.10 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:16 UTC | 814 | OUT | GET /_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=cookie HTTP/1.1
                                  Host: westernstainless.sharepoint.com
                                  Connection: keep-alive
                                  Upgrade-Insecure-Requests: 1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: navigate
                                  Sec-Fetch-User: ?1
                                  Sec-Fetch-Dest: document
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  sec-ch-ua-platform: "Windows"
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  Cookie: RpsContextCookie=U291cmNlPSUyRg==
                                  2024-04-26 13:14:17 UTC | 3514 | IN | HTTP/1.1 302 Found
                                  Cache-Control: no-cache, no-store
                                  Pragma: no-cache
                                  Content-Length: 887
                                  Content-Type: text/html; charset=utf-8
                                  Expires: -1
                                  Location: https://login.microsoftonline.com:443/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A%2D60119CA9A59B87E4256DCB01A83B3B921622630BF63D27194294B9F877F25538&redirect%5Furi=https%3A%2F%2Fwesternstainless%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246
                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                  Set-Cookie: nSGt-1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A=gYEwRDdCNjU5QjE0ODk5MEEwMTI4MzFGQzk0NUU1MTU1MjRBOTEwNzkwOUVBOTJBRDU0MDFBQTMwQkFCRkNBMDY3QUYxRjlDNjk2NkFCMENDQTkyMDREOTlGNjA3NzU5MUI0QRIxMzM1ODYxMTA5NjkxMzE1MTgfd2VzdGVybnN0YWlubGVzcy5zaGFyZXBvaW50LmNvbTpy2IowhHRYBWeEDKCnt/6WWagHVQoeJffhi8m4rjdP7nj1SqRS9fuMe6+neCBWkySZsUGUmHeZWvVfh7Uxla70CB7zyvxIXjwSUpJ7RspdT45HjES7/6oX5JiTMonT++7qR6pRGU53fNuRbv1Z3b8UTN4sVe6KV7JrqTIOcjyEE82euu5q1r0GadfFpwkdRuGNXIdAO9TakC7Fq3TE1U71xuAldkWnma/m3N2kIxxOw38kz4ccMHyM//QSS7FvUqXuMbMpW0eJBsoCDNpUfvr3T2uswg74/Ko7/0ldQmirHYwvivE2UXwkhJtXkeSab9Pmo75Lj4e6Fv2E7FPb5SOXAAAA; expires=Fri, 26-Apr-2024 13:18:16 GMT; path=/; SameSite=None; Partitioned; secure; HttpOnly
                                  Set-Cookie: nSGt-1AA30BABFCA067AF1F9C6966AB0CCA9204D99F6077591B4A=; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; SameSite=None; secure; HttpOnly
                                  Set-Cookie: RpsContextCookie=U291cmNlPSUyRiZQcmV2aW91c1JlcXVlc3RDb3JyZWxhdGlvbklkPTdhY2IyMmExJTJEMTBiYiUyRDMwMDAlMkQzOTAwJTJEYTA4ZDA3ZGQ0MjQ2JlJldHVyblVybD0lMkYlNUZsYXlvdXRzJTJGMTUlMkZBdXRoZW50aWNhdGUlMkVhc3B4JTNGU291cmNlJTNEJTI1MkY=; expires=Fri, 26-Apr-2024 13:24:16 GMT; path=/; SameSite=None; Partitioned; secure; HttpOnly
                                  Set-Cookie: RpsContextCookie=; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; SameSite=None; secure; HttpOnly
                                  X-NetworkStatistics: 0,525568,0,0,627,0,24211
                                  X-SharePointHealthScore: 0
                                  X-AspNet-Version: 4.0.30319
                                  X-DataBoundary: NONE
                                  X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
                                  X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
                                  SPRequestGuid: 7acb22a1-10bb-3000-3900-a08d07dd4246
                                  request-id: 7acb22a1-10bb-3000-3900-a08d07dd4246
                                  MS-CV: oSLLersQADA5AKCNB91CRg.0
                                  Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64&destinationEndpoint=Edge-Prod-MIA30r5a&frontEnd=AFD&RemoteIP=102.129.152.0"}]}
                                  NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
                                  Strict-Transport-Security: max-age=31536000
                                  SPRequestDuration: 49
                                  SPIisLatency: 1
                                  Include-Referred-Token-Binding-ID: true
                                  X-Powered-By: ASP.NET
                                  MicrosoftSharePointTeamServices: 16.0.0.24810
                                  X-Content-Type-Options: nosniff
                                  X-MS-InvokeApp: 1; RequireReadOnly
                                  X-Cache: CONFIG_NOCACHE
                                  X-MSEdge-Ref: Ref A: F554E90EB5FA435090F22D00BF4BFB2E Ref B: MIA301000102017 Ref C: 2024-04-26T13:14:16Z
                                  Date: Fri, 26 Apr 2024 13:14:16 GMT
                                  Connection: close
                                  2024-04-26 13:14:17 UTC | 656 | IN
                                  Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://login.microsoftonline.com:443/c425d1e4-c9b2-44c1-8db7-9dd5cea7fd64/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&amp;response%5Fmode=for
                                  2024-04-26 13:14:17 UTC | 231 | IN
                                  Data Ascii: s%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&amp;wsucxt=1&amp;cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&amp;client%2Drequest%2Did=7acb22a1%2D10bb%2D3000%2D3900%2Da08d07dd4246">here</a>.</h2></body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  7 | 192.168.2.6 | 49733 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:19 UTC | 633 | OUT | GET /shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  Origin: https://login.microsoftonline.com
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: script
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:19 UTC | 797 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:19 GMT
                                  Content-Type: application/x-javascript
                                  Content-Length: 49609
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Mon, 01 Apr 2024 18:07:19 GMT
                                  ETag: 0x8DC527692402A16
                                  x-ms-request-id: a0729d24-b01e-0049-7ad8-97459c000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131419Z-1865489d5f47spgmg1tk1770cg0000000b8000000000mskb
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  8 | 192.168.2.6 | 49738 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:25 UTC | 658 | OUT | GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  Origin: https://login.microsoftonline.com
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: text/css,*/*;q=0.1
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: style
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:26 UTC | 775 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:25 GMT
                                  Content-Type: text/css
                                  Content-Length: 20314
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 27 Dec 2023 18:18:12 GMT
                                  ETag: 0x8DC07082FBB8D2B
                                  x-ms-request-id: d2ede606-801e-0006-2061-971f92000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131425Z-1865489d5f47qbmbt8czrx60cn0000000bgg00000000g6gm
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  9 | 192.168.2.6 | 49739 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:25 UTC | 635 | OUT | GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  Origin: https://login.microsoftonline.com
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: script
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:26 UTC | 813 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:25 GMT
                                  Content-Type: application/x-javascript
                                  Content-Length: 121259
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Fri, 05 Apr 2024 02:22:39 GMT
                                  ETag: 0x8DC55174443A770
                                  x-ms-request-id: be0f51ae-a01e-0028-1477-972cbc000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131425Z-1865489d5f46s4qnhr87brpyc40000000a3g00000000mu37
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache-Info: L1_T2
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  10 | 192.168.2.6 | 49737 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:25 UTC | 654 | OUT | GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  Origin: https://login.microsoftonline.com
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: script
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:26 UTC | 797 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:25 GMT
                                  Content-Type: application/x-javascript
                                  Content-Length: 15776
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Tue, 02 Apr 2024 21:29:16 GMT
                                  ETag: 0x8DC535BF32A6F5D
                                  x-ms-request-id: 4409eab4-901e-005b-58bf-97a3ba000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131425Z-1865489d5f49lr4x8x178u34an0000000940000000001mpp
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  11 | 192.168.2.6 | 49742 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:26 UTC | 649 | OUT | GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:27 UTC | 744 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:27 GMT
                                  Content-Type: image/x-icon
                                  Content-Length: 17174
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT
                                  ETag: 0x8D8731230C851A6
                                  x-ms-request-id: 4c1d850d-d01e-000b-3007-94c089000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131427Z-17644f8887ffzxh64y0yfwy56c00000007x0000000001ptc
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  12 | 192.168.2.6 | 49743 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:26 UTC | 618 | OUT | GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: script
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:27 UTC | 791 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:27 GMT
                                  Content-Type: application/x-javascript
                                  Content-Length: 54318
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Thu, 28 Mar 2024 21:22:21 GMT
                                  ETag: 0x8DC4F6D2782F92A
                                  x-ms-request-id: dea12456-001e-0022-5f8a-9722a9000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131427Z-1865489d5f49lr4x8x178u34an00000008wg00000000quxu
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  13 | 192.168.2.6 | 49744 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:27 UTC | 404 | OUT | GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:28 UTC | 744 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:28 GMT
                                  Content-Type: image/x-icon
                                  Content-Length: 17174
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT
                                  ETag: 0x8D8731230C851A6
                                  x-ms-request-id: 4c1d850d-d01e-000b-3007-94c089000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131428Z-17644f8887ffzxh64y0yfwy56c00000007y0000000000kg5
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                  14 | 192.168.2.6 | 49745 | 20.25.241.18 | 443
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:31 UTC | 71 | OUT | CNT 1 CON 305
                                  MS-CV: 88VGUpLOZ02GQBMx.1
                                  Context: 417aa1941edd0f3c
                                  2024-04-26 13:14:31 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                  2024-04-26 13:14:31 UTC | 1076 | OUT | ATH 2 CON\DEVICE 1053
                                  MS-CV: 88VGUpLOZ02GQBMx.2
                                  Context: 417aa1941edd0f3c
                                  <device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATo20xNbLN4J+etQBR5xI7dz1jWtkC0VwKUXwhDXAKOBQ650pS8jX5sucntqlN+mt5Pzw9V8UaBRt+OG2+J1Vek4BPF3fgVLhxqVDxh5otO5O3
                                  2024-04-26 13:14:31 UTC | 218 | OUT | BND 3 CON\WNS 0 197
                                  MS-CV: 88VGUpLOZ02GQBMx.3
                                  Context: 417aa1941edd0f3c
                                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                  2024-04-26 13:14:31 UTC | 14 | IN | 202 1 CON 58
                                  2024-04-26 13:14:31 UTC | 58 | IN | MS-CV: Z/Xfb8M3wUi5Tayv2T6dzg.0
                                  Payload parsing failed.


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  15 | 192.168.2.6 | 49746 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:31 UTC | 662 | OUT | GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:31 UTC | 778 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:31 GMT
                                  Content-Type: image/svg+xml
                                  Content-Length: 673
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 24 May 2023 10:11:46 GMT
                                  ETag: 0x8DB5C3F47E260FD
                                  x-ms-request-id: d76fd52f-c01e-0012-0946-9703b8000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131431Z-1865489d5f47spgmg1tk1770cg0000000bbg000000009rfx
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  16 | 192.168.2.6 | 49747 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:31 UTC | 624 | OUT | GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: script
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:31 UTC | 798 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:31 GMT
                                  Content-Type: application/x-javascript
                                  Content-Length: 35807
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Thu, 28 Mar 2024 21:22:22 GMT
                                  ETag: 0x8DC4F6D2855897D
                                  x-ms-request-id: 7db62c22-501e-0003-0ddb-979898000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131431Z-1865489d5f4vxtqf9836nc5azn00000004d0000000005cdz
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_MISS
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  17 | 192.168.2.6 | 49748 | 152.195.19.97 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:31 UTC | 699 | OUT | GET /81d6b03a-z0nbtq15mcg161iiquc-xdevks-ccp6dc3auhx2ppqs/logintenantbranding/0/bannerlogo?ts=638227457986153960 HTTP/1.1
                                  Host: aadcdn.msauthimages.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:32 UTC | 688 | IN | HTTP/1.1 200 OK
                                  Access-Control-Allow-Origin: *
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Cache-Control: public, max-age=86400
                                  Content-MD5: RLbgbPT+v/UvpUix3MmucQ==
                                  Content-Type: image/*
                                  Date: Fri, 26 Apr 2024 13:14:32 GMT
                                  Etag: 0x8DB707DD75D8329
                                  Last-Modified: Mon, 19 Jun 2023 04:29:58 GMT
                                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                  x-ms-blob-type: BlockBlob
                                  x-ms-lease-status: unlocked
                                  x-ms-request-id: cdcf4ca8-e01e-0063-1fdb-9777df000000
                                  x-ms-version: 2009-09-19
                                  Content-Length: 9880
                                  Connection: close


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  18 | 192.168.2.6 | 49750 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:32 UTC | 663 | OUT | GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:32 UTC | 784 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:32 GMT
                                  Content-Type: image/svg+xml
                                  Content-Length: 621
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 24 May 2023 10:11:49 GMT
                                  ETag: 0x8DB5C3F49ED96E0
                                  x-ms-request-id: 6d23ac16-e01e-0054-03c3-962aa5000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131432Z-1865489d5f4gxx8nx10tqpg6dw0000000beg00000000k74u
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  19 | 192.168.2.6 | 49751 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:32 UTC | 417 | OUT | GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:32 UTC | 778 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:32 GMT
                                  Content-Type: image/svg+xml
                                  Content-Length: 673
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 24 May 2023 10:11:46 GMT
                                  ETag: 0x8DB5C3F47E260FD
                                  x-ms-request-id: d76fd52f-c01e-0012-0946-9703b8000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131432Z-1865489d5f4qw9rny7embdm5aw0000000bag000000005h2s
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  20 | 192.168.2.6 | 49752 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:34 UTC | 418 | OUT | GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:34 UTC | 784 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:34 GMT
                                  Content-Type: image/svg+xml
                                  Content-Length: 621
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 24 May 2023 10:11:49 GMT
                                  ETag: 0x8DB5C3F49ED96E0
                                  x-ms-request-id: 4d9eb897-101e-0017-1ec8-9784b2000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131434Z-1865489d5f4r69rrg7uwqa73hg0000000bc000000000p3gp
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  21 | 192.168.2.6 | 49754 | 152.195.19.97 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:35 UTC | 454 | OUT | GET /81d6b03a-z0nbtq15mcg161iiquc-xdevks-ccp6dc3auhx2ppqs/logintenantbranding/0/bannerlogo?ts=638227457986153960 HTTP/1.1
                                  Host: aadcdn.msauthimages.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:35 UTC | 688 | IN | HTTP/1.1 200 OK
                                  Access-Control-Allow-Origin: *
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Cache-Control: public, max-age=86400
                                  Content-MD5: RLbgbPT+v/UvpUix3MmucQ==
                                  Content-Type: image/*
                                  Date: Fri, 26 Apr 2024 13:14:35 GMT
                                  Etag: 0x8DB707DD75D8329
                                  Last-Modified: Mon, 19 Jun 2023 04:29:58 GMT
                                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                  x-ms-blob-type: BlockBlob
                                  x-ms-lease-status: unlocked
                                  x-ms-request-id: cdcf5554-e01e-0063-18db-9777df000000
                                  x-ms-version: 2009-09-19
                                  Content-Length: 9880
                                  Connection: close


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  22 | 192.168.2.6 | 49757 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:49 UTC | 620 | OUT | GET /shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_f7fbb7540d7be2ae771b.js HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: */*
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: script
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:50 UTC | 797 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:50 GMT
                                  Content-Type: application/x-javascript
                                  Content-Length: 1663
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Thu, 28 Mar 2024 21:22:22 GMT
                                  ETag: 0x8DC4F6D28394798
                                  x-ms-request-id: 5d686da9-001e-005a-79db-9788b8000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131449Z-17644f8887fxrxvpft9g6hhez0000000056g000000002s90
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_MISS
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                  23 | 192.168.2.6 | 49759 | 20.25.241.18 | 443
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:49 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: A2Uao2MpVkuOP0uJ.1Context: 4b8b91020a4f7830
                                  2024-04-26 13:14:49 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                  2024-04-26 13:14:49 UTC | 1076 | OUT | Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: A2Uao2MpVkuOP0uJ.2Context: 4b8b91020a4f7830<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATo20xNbLN4J+etQBR5xI7dz1jWtkC0VwKUXwhDXAKOBQ650pS8jX5sucntqlN+mt5Pzw9V8UaBRt+OG2+J1Vek4BPF3fgVLhxqVDxh5otO5O3
                                  2024-04-26 13:14:49 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: A2Uao2MpVkuOP0uJ.3Context: 4b8b91020a4f7830<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                  2024-04-26 13:14:49 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                                  2024-04-26 13:14:49 UTC | 58 | IN | Data Ascii: MS-CV: IMUIiX6lbUebiTK9fZD0IA.0Payload parsing failed.


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  24 | 192.168.2.6 | 49758 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:50 UTC | 668 | OUT | GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:50 UTC | 734 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:50 GMT
                                  Content-Type: image/gif
                                  Content-Length: 2672
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Last-Modified: Wed, 24 May 2023 10:11:47 GMT
                                  ETag: 0x8DB5C3F48EC4154
                                  x-ms-request-id: 82246d8f-701e-0045-1f76-97b185000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131450Z-1865489d5f469db67514m1tnm40000000b3000000000kmgu
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  25 | 192.168.2.6 | 49756 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:50 UTC | 662 | OUT | GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:50 UTC | 734 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:50 GMT
                                  Content-Type: image/gif
                                  Content-Length: 3620
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Last-Modified: Wed, 24 May 2023 10:11:48 GMT
                                  ETag: 0x8DB5C3F4904824B
                                  x-ms-request-id: 8b54f661-901e-0033-1c57-97b989000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131450Z-1865489d5f4c7br6veundbra3w00000000z000000000dq6x
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  26 | 192.168.2.6 | 49761 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:50 UTC | 423 | OUT | GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:51 UTC | 734 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:51 GMT
                                  Content-Type: image/gif
                                  Content-Length: 2672
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Last-Modified: Wed, 24 May 2023 10:11:47 GMT
                                  ETag: 0x8DB5C3F48EC4154
                                  x-ms-request-id: 82246d8f-701e-0045-1f76-97b185000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131451Z-1865489d5f469db67514m1tnm40000000b3g00000000h0b2
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  27 | 192.168.2.6 | 49763 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:50 UTC | 667 | OUT | GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:51 UTC | 805 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:51 GMT
                                  Content-Type: image/svg+xml
                                  Content-Length: 628
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 24 May 2023 10:11:48 GMT
                                  ETag: 0x8DB5C3F4963155C
                                  x-ms-request-id: 4b858eb7-d01e-0037-7ccc-971581000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131451Z-1865489d5f47qbmbt8czrx60cn0000000bhg000000005x0s
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_HIT
                                  X-Cache-Info: L1_T2
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  28 | 192.168.2.6 | 49762 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:50 UTC | 667 | OUT | GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                  sec-ch-ua-mobile: ?0
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  sec-ch-ua-platform: "Windows"
                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                  Sec-Fetch-Site: cross-site
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: image
                                  Referer: https://login.microsoftonline.com/
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:51 UTC | 779 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:51 GMT
                                  Content-Type: image/svg+xml
                                  Content-Length: 254
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 24 May 2023 10:11:48 GMT
                                  ETag: 0x8DB5C3F496CFFA1
                                  x-ms-request-id: f248937a-901e-004b-56db-971398000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131451Z-1865489d5f44crzvr9btg9hunn0000000bbg00000000k9fm
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_MISS
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  29 | 192.168.2.6 | 49764 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:52 UTC | 417 | OUT | GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:53 UTC | 734 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:53 GMT
                                  Content-Type: image/gif
                                  Content-Length: 3620
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Last-Modified: Wed, 24 May 2023 10:11:48 GMT
                                  ETag: 0x8DB5C3F4904824B
                                  x-ms-request-id: 8b54f661-901e-0033-1c57-97b989000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131453Z-1865489d5f46s4qnhr87brpyc40000000a4000000000kdz0
                                  x-fd-int-roxy-purgeid: 0
                                  X-Cache: TCP_HIT
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  30 | 192.168.2.6 | 49760 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:52 UTC | 422 | OUT | GET /shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:53 UTC | 805 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:53 GMT
                                  Content-Type: image/svg+xml
                                  Content-Length: 628
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 24 May 2023 10:11:48 GMT
                                  ETag: 0x8DB5C3F4963155C
                                  x-ms-request-id: 4b858eb7-d01e-0037-7ccc-971581000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131453Z-1865489d5f44crzvr9btg9hunn0000000bd000000000gh06
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_HIT
                                  X-Cache-Info: L1_T2
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  31 | 192.168.2.6 | 49765 | 13.107.213.41 | 443 | 5660 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:14:52 UTC | 422 | OUT | GET /shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg HTTP/1.1
                                  Host: aadcdn.msauth.net
                                  Connection: keep-alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                  Accept: */*
                                  Sec-Fetch-Site: none
                                  Sec-Fetch-Mode: cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  Accept-Language: en-US,en;q=0.9
                                  2024-04-26 13:14:53 UTC | 785 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 26 Apr 2024 13:14:53 GMT
                                  Content-Type: image/svg+xml
                                  Content-Length: 254
                                  Connection: close
                                  Cache-Control: public, max-age=31536000
                                  Content-Encoding: gzip
                                  Last-Modified: Wed, 24 May 2023 10:11:48 GMT
                                  ETag: 0x8DB5C3F496CFFA1
                                  x-ms-request-id: 4010cecf-801e-0016-7fdb-97afb0000000
                                  x-ms-version: 2009-09-19
                                  x-ms-lease-status: unlocked
                                  x-ms-blob-type: BlockBlob
                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                  Access-Control-Allow-Origin: *
                                  x-azure-ref: 20240426T131453Z-17644f8887f4rd5w3b1uwdc9n400000000q0000000005fh7
                                  x-fd-int-roxy-purgeid: 4554691
                                  X-Cache: TCP_MISS
                                  Accept-Ranges: bytes


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                  32 | 192.168.2.6 | 49769 | 20.25.241.18 | 443
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:15:09 UTC | 71 | OUT | Data Ascii:
                                  CNT 1 CON 305
                                  MS-CV: /cERZ3+hCUKZ1KhB.1
                                  Context: 88773ff6f40b113d
                                  2024-04-26 13:15:09 UTC | 249 | OUT | Data Ascii:
                                  <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                  2024-04-26 13:15:09 UTC | 1076 | OUT | Data Ascii:
                                  ATH 2 CON\DEVICE 1053
                                  MS-CV: /cERZ3+hCUKZ1KhB.2
                                  Context: 88773ff6f40b113d

                                  <device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATo20xNbLN4J+etQBR5xI7dz1jWtkC0VwKUXwhDXAKOBQ650pS8jX5sucntqlN+mt5Pzw9V8UaBRt+OG2+J1Vek4BPF3fgVLhxqVDxh5otO5O3
                                  2024-04-26 13:15:09 UTC | 218 | OUT | Data Ascii:
                                  BND 3 CON\WNS 0 197
                                  MS-CV: /cERZ3+hCUKZ1KhB.3
                                  Context: 88773ff6f40b113d

                                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                  2024-04-26 13:15:09 UTC | 14 | IN | Data Ascii:
                                  202 1 CON 58
                                  2024-04-26 13:15:09 UTC | 58 | IN | Data Ascii:
                                  MS-CV: BejKxEh43EaWXb0exRmZSw.0

                                  Payload parsing failed.


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                  33 | 192.168.2.6 | 49771 | 20.25.241.18 | 443
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-04-26 13:15:28 UTC | 71 | OUT | Data Ascii:
                                  CNT 1 CON 305
                                  MS-CV: J0AlyTPUvkabkESL.1
                                  Context: e247dba9037ac2a2
                                  2024-04-26 13:15:28 UTC | 249 | OUT | Data Ascii:
                                  <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                  2024-04-26 13:15:28 UTC | 1076 | OUT | Data Ascii:
                                  ATH 2 CON\DEVICE 1053
                                  MS-CV: J0AlyTPUvkabkESL.2
                                  Context: e247dba9037ac2a2

                                  <device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATo20xNbLN4J+etQBR5xI7dz1jWtkC0VwKUXwhDXAKOBQ650pS8jX5sucntqlN+mt5Pzw9V8UaBRt+OG2+J1Vek4BPF3fgVLhxqVDxh5otO5O3
                                  2024-04-26 13:15:28 UTC | 218 | OUT | Data Ascii:
                                  BND 3 CON\WNS 0 197
                                  MS-CV: J0AlyTPUvkabkESL.3
                                  Context: e247dba9037ac2a2

                                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                  2024-04-26 13:15:28 UTC | 14 | IN | Data Ascii:
                                  202 1 CON 58
                                  2024-04-26 13:15:28 UTC | 58 | IN | Data Ascii:
                                  MS-CV: sbt95aYC+E2mvdMrZcI+RQ.0

                                  Payload parsing failed.


                                  Target ID:0
                                  Start time:15:13:55
                                  Start date:26/04/2024
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                  Imagebase:0x7ff684c40000
                                  File size:3'242'272 bytes
                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:false

                                  Target ID:2
                                  Start time:15:14:03
                                  Start date:26/04/2024
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2672 --field-trial-handle=2556,i,9315892413422290450,9261175574339091419,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Imagebase:0x7ff684c40000
                                  File size:3'242'272 bytes
                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:false

                                  Target ID:3
                                  Start time:15:14:05
                                  Start date:26/04/2024
                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://westernstainless.sharepoint.com"
                                  Imagebase:0x7ff684c40000
                                  File size:3'242'272 bytes
                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                  No disassembly