Edit tour

Windows Analysis Report
https://mato-vldcmm.click/4

Overview

General Information

Sample URL:	https://mato-vldcmm.click/4
Analysis ID:	1637077
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4356601583853059159,6849157878571113239,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mato-vldcmm.click/4" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://mato-vldcmm.click/4

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://mato-vldcmm.click/static/images/anh5.png	Avira URL Cloud: Label: phishing
Source: https://mato-vldcmm.click/static/images/anhfb.png	Avira URL Cloud: Label: phishing
Source: https://mato-vldcmm.click/static/js/4.js	Avira URL Cloud: Label: phishing
Source: https://mato-vldcmm.click/static/images/aanh77.jpg	Avira URL Cloud: Label: phishing
Source: https://mato-vldcmm.click/static/css/4.css	Avira URL Cloud: Label: phishing

Source: unknown	HTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.12:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.12:49746 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.5
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.76

Source: global traffic	HTTP traffic detected: GET /4 HTTP/1.1Host: mato-vldcmm.clickConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/css/4.css HTTP/1.1Host: mato-vldcmm.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mato-vldcmm.click/4Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
Source: global traffic	HTTP traffic detected: GET /static/images/anh5.png HTTP/1.1Host: mato-vldcmm.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mato-vldcmm.click/4Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
Source: global traffic	HTTP traffic detected: GET /static/images/aanh77.jpg HTTP/1.1Host: mato-vldcmm.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mato-vldcmm.click/4Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
Source: global traffic	HTTP traffic detected: GET /static/js/4.js HTTP/1.1Host: mato-vldcmm.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mato-vldcmm.click/4Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
Source: global traffic	HTTP traffic detected: GET /static/images/anhfb.png HTTP/1.1Host: mato-vldcmm.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mato-vldcmm.click/4Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
Source: global traffic	HTTP traffic detected: GET /static/images/anh5.png HTTP/1.1Host: mato-vldcmm.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
Source: global traffic	HTTP traffic detected: GET /static/images/aanh77.jpg HTTP/1.1Host: mato-vldcmm.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
Source: global traffic	HTTP traffic detected: GET /static/images/anhfb.png HTTP/1.1Host: mato-vldcmm.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: mato-vldcmm.click

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49683
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.12:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.12:49746 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir4600_765359885

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir4600_765359885

Jump to behavior

Source: classification engine

Classification label: mal56.win@23/17@6/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4356601583853059159,6849157878571113239,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mato-vldcmm.click/4"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4356601583853059159,6849157878571113239,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mato-vldcmm.click/4	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://mato-vldcmm.click/static/images/anh5.png	100%	Avira URL Cloud	phishing
https://mato-vldcmm.click/static/images/anhfb.png	100%	Avira URL Cloud	phishing
https://mato-vldcmm.click/static/js/4.js	100%	Avira URL Cloud	phishing
https://mato-vldcmm.click/static/images/aanh77.jpg	100%	Avira URL Cloud	phishing
https://mato-vldcmm.click/static/css/4.css	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mato-vldcmm.click	103.136.41.106	true	false		unknown
www.google.com	142.250.185.132	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://otelrules.svc.static.microsoft/rules/rule702701v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule704001v0s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/other-Win32-v19.bundle	false		high
https://mato-vldcmm.click/static/images/anh5.png	false	Avira URL Cloud: phishing	unknown
https://mato-vldcmm.click/static/images/aanh77.jpg	false	Avira URL Cloud: phishing	unknown
https://otelrules.svc.static.microsoft/rules/rule702001v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule700300v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule702401v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule700451v1s19.xml	false		high
https://mato-vldcmm.click/static/css/4.css	false	Avira URL Cloud: phishing	unknown
https://otelrules.svc.static.microsoft/rules/rule703050v3s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule702600v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule704000v0s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule702601v1s19.xml	false		high
https://mato-vldcmm.click/4	true		unknown
https://otelrules.svc.static.microsoft/rules/rule700950v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule703251v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule701900v1s19.xml	false		high
https://mato-vldcmm.click/static/images/anhfb.png	false	Avira URL Cloud: phishing	unknown
https://otelrules.svc.static.microsoft/rules/rule702100v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule703550v0s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule700301v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule701550v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule700100v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule703201v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule701901v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule703250v1s19.xml	false		high
https://mato-vldcmm.click/static/js/4.js	false	Avira URL Cloud: phishing	unknown
https://otelrules.svc.static.microsoft/rules/rule702400v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule702101v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule702000v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule703551v0s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule700450v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule700101v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule702700v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule701551v1s19.xml	false		high
https://otelrules.svc.static.microsoft/rules/rule700951v1s19.xml	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
103.136.41.106	mato-vldcmm.click	India		139884	AGPL-AS-APApeironGlobalPvtLtdIN	false
142.250.185.132	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.12

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637077
Start date and time:	2025-03-13 10:43:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://mato-vldcmm.click/4
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@23/17@6/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.184.206, 142.250.181.238, 74.125.206.84, 172.217.23.110, 142.250.186.142, 172.217.18.14, 142.250.185.106, 142.250.185.138, 216.58.206.42, 172.217.18.106, 142.250.184.202, 142.250.186.42, 142.250.185.74, 142.250.186.106, 216.58.206.74, 142.250.181.234, 216.58.212.138, 142.250.185.170, 142.250.186.138, 142.250.186.170, 142.250.186.74, 142.250.185.202, 199.232.214.172, 142.250.184.238, 142.250.185.142, 216.58.206.46, 216.58.212.174, 142.250.184.195, 142.250.185.67, 142.250.186.110, 23.60.203.209, 4.175.87.197
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, otelrules.svc.static.microsoft, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://mato-vldcmm.click/4

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2756
Entropy (8bit):	4.619628806121979
Encrypted:	false
SSDEEP:	48:UjV/dLEOz/o67CsjWK4QOdTi3ed3FBF0xGWKWVWA+8zi2r:UnjkC9W2gV5FzYZkAvr
MD5:	EE654AB799F69891802CD9E293DE1ED8
SHA1:	A1B1D4F63E556091B607941F02708C49A6005AF5
SHA-256:	8294200D0D8E73F7EB64817443E6A4563AF2F604DE7E8E79B9C8881628E0BD9C
SHA-512:	98F292D0B9AC7E898854046005AF856D846CB89853F3B96CFDC5FD6E3EE770C4854B972192F851AF4EE754362E98642E151B2D35AC5290B26C032F5C0B4846A1
Malicious:	false
Reputation:	low
URL:	https://mato-vldcmm.click/static/css/4.css
Preview:	body {.. height: 100%; .. margin: 0;.. width: 100%;.. background-color: rgb(251, 243, 243);.. overflow-x: hidden;..}.....lop3 {.. background-color: rgb(221, 211, 211);.. height: 10%;.. max-width: 100%;.. margin: 0 auto;.. display: flex;.. justify-content: space-between;.. align-items: center;.. padding: auto;....}.....hinh1 {.. width: 6%;.. margin: 10px auto; .. display: block;.. margin-left: 1%;..}...h1{.. font-size: 2vw;..}...h2{.. font-size: 1.2vw;..}...h3{.. font-size: 0.8vw;..}...hh1{.. font-size: 0.8vw;.. color: #007bff;.. text-align: center;..}.....main{.. width: 40%;.. margin: 0 auto;..}...hinh2{.. width: 100%;..}...bang{.. max-width: 100%;..}..input[type="number"] {.. width: 100%;.. padding: 20px;.. box-sizing: border-box; .. text-align: center;..}....#submitButton {.. position: relative; .. width: 100%;.. padding: 2.5%;.. background-color: #007bff;.. color: white;..

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 800 x 162, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	20853
Entropy (8bit):	7.983063609715178
Encrypted:	false
SSDEEP:	384:QIgyhEB8XjcQzqc2PzYVlMaqMxkwuva9d4nUsDem+Z7JB:Q8GS4bcOmO3nwlaqJ7JB
MD5:	15DE4E2F02BB0541E47037D8238B261C
SHA1:	DA72297816F1EAA6AE4809A44EA3A36178A99ACC
SHA-256:	B310A4DE3273331BBD765E004C21B829ECD722512DFFAEF39D5F29E767144617
SHA-512:	AE97919DA9731E8BFECC05B2FC8DB2E7B05D14E761B935A85C120B1209ECF45120BDC4BF43951A7417576E00EDFBC125D7D4237B3DEF2D5405E3184132EA56FE
Malicious:	false
Reputation:	low
URL:	https://mato-vldcmm.click/static/images/anh5.png
Preview:	.PNG........IHDR... ...........&....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME.....9-.=....PyIDATx..w\|...........P ...Hb.$.Vk.h.....U+......uOD.P.U..U;..-&A"...@. C.I....G.u0....y.^....9..<g\|....r..o. ...8.d$J1.;..QB(. ..c..X..Ft!.,DX.....L....#....86.......(..../......8.....E ."2.?1........0..0.#}.....{..i G.V.=.l...MD.@B..x.D.7..J.tT.\|..&...Ix.z.5.%...._7Ab..a..a.$..3o..G...C).....4.(.>MB../....m..x.h...c.(q%.s.M.0.".I...0..0....s..HL.v..wK.i>...!y....3w......E..t..J..(...O.Yb.b..a..a...L......!2 MM...A.a.g@47.G.0.+.}.Vq...^..:....0..0L.l.S.\.D....H...z5.J.../.....v`.4.... :..y564....+....I.kmx..k..bp..c...9.....GY...a$.pF.....%....S..~w.?1~..w%...g.z......(g.^...#Q...;.C#....."R!...".RQ..w3p.5Bz....`..8c/..a....6......^%$Od...,...../\|...g..R..q6..{..f.....H\|..c........Z\Vy..!}((.s `mb..a.$.......-..Y....;...T...s..0%.,w.}2.Mz.7#..QmCE..#..i.g.x.....`..a.$X.i............(S....N]<*c.br.......Y.6.....

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=10], baseline, precision 8, 565x320, components 3
Category:	downloaded
Size (bytes):	46927
Entropy (8bit):	6.268034470280978
Encrypted:	false
SSDEEP:	768:6jkZn8vhDlhq8UZYPVlw7gXmZ5K1GR4Ti0/iZos34s:6Y8Jlhq8U6PjugXmZlZysIs
MD5:	221A7402A54BF6F2CCED09A9B878CD08
SHA1:	4E50336A90ABEBC1AD3E59265B0E0528BCBDF6BC
SHA-256:	562EE34818E6134777AF51EF5F4EF12495A7160806BD7DDFFEEFE0461225F285
SHA-512:	6231F7B5A9E6C5AB27CFD9064569F3E61CD5F95872D8580888650BE4059399A79240F73065ECB0A25A82940132DA12FF4E6E91BBF2D6BFA6C54CE3F8761089CF
Malicious:	false
Reputation:	low
URL:	https://mato-vldcmm.click/static/images/aanh77.jpg
Preview:	......JFIF.....`.`....+>Exif..MM.*.............&.........................................(...........1.....&.....2.......................i.........................6....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	2401
Entropy (8bit):	4.53153620723126
Encrypted:	false
SSDEEP:	24:hY7wOupvMPRrYqJo3ZTVfj4m0T/zi2uTRg4DB6vQAfmv7VavJpE1T4cV4T:gupvM3JRT/W3TRHDBAQ37SJpMuT
MD5:	917D3B211BF215D1D559B826BF7E9065
SHA1:	C0820C4015E30A037229D36678DF0DB40A61B6A6
SHA-256:	4842B9EFFDD7D92497EB81BF38A2E903D6A704071A6CD2D266323ED2B6D69BC9
SHA-512:	F36F8B496BDD4BD758ED61EFC3B16DBDB6BF01A4791288DD3C1C2B877823BC77A11F001C2725634BF8DEC15D6EFB1A0DC82C3A1675A46141C644A7CC63C035B1
Malicious:	false
Reputation:	low
URL:	https://mato-vldcmm.click/4
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">. <title>Account verification</title>. <link rel="stylesheet" type="text/css" href="/static/css/4.css">. <link rel="icon" href="/static/images/anhfb.png" type="image/webp">.. <style>. input[type='number']::-webkit-outer-spin-button,. input[type='number']::-webkit-inner-spin-button {. -webkit-appearance: none;. -moz-appearance: textfield;. appearance: none;. margin: 0;. }. </style>. . <meta http-equiv="X-Content-Type-Options" content="nosniff">. <meta http-equiv="X-Frame-Options" content="DENY">. <meta http-equiv="X-XSS-Protection" content="1; mode=block">.</head>.<body>.. <div class="header-container">. <div class="lop3">. <img class="hinh1" src="/static/images/anh5.png" alt="H.nh .nh m. t.">.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=10], baseline, precision 8, 565x320, components 3
Category:	dropped
Size (bytes):	46927
Entropy (8bit):	6.268034470280978
Encrypted:	false
SSDEEP:	768:6jkZn8vhDlhq8UZYPVlw7gXmZ5K1GR4Ti0/iZos34s:6Y8Jlhq8U6PjugXmZlZysIs
MD5:	221A7402A54BF6F2CCED09A9B878CD08
SHA1:	4E50336A90ABEBC1AD3E59265B0E0528BCBDF6BC
SHA-256:	562EE34818E6134777AF51EF5F4EF12495A7160806BD7DDFFEEFE0461225F285
SHA-512:	6231F7B5A9E6C5AB27CFD9064569F3E61CD5F95872D8580888650BE4059399A79240F73065ECB0A25A82940132DA12FF4E6E91BBF2D6BFA6C54CE3F8761089CF
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`....+>Exif..MM.*.............&.........................................(...........1.....&.....2.......................i.........................6....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 225 x 225, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2974
Entropy (8bit):	7.882383767695701
Encrypted:	false
SSDEEP:	48:bdA87jno0EegCavbhZwTJH2R6DUqGkMww+F8WMSrVm8KOgykgU69Aryt1fu4/4VT:bdAano0Eeyv9ZwT8R6/GkM5S8WMSmsgD
MD5:	237F47F500DC0A9AE91103831828731F
SHA1:	419A44F82EB05166083DCA1BCD59E3BA9461587C
SHA-256:	500917BA42B581B0EB80B73CEE28E2B8380E898583A017AEEA964340B420DF17
SHA-512:	DE856A9871D3E42E28ED9B0840264FF814EDBDD87B9970947D290421BB9CE40CCC50F78F0FEE8C5F30C6EFF808D3E273FAE272A600E930784AF7C33024255555
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............m"H....PLTE.w.....l..r..x..q..n........k......t..s...._.....Y..P..............h....................o.....y..(..A.....T......F........-...g..r.....IDATx............F...r.A....h9..X....j.n.u......X....&.......m...l.#..?.t>.mK0...7...._....j2.Kq...b..\.+...R\d....{..p:x.l........S........nd...X4........I{.U).;..H>........%....M._..sp...V\=..Ro.Sdor8..h>..U...,Z.=<.]....;.7.\...Ng.{.Y.<I...M8M..w2.!.H..b..%T.R.......Kp.v.s..+....(....6.A.1..Aa{..o.."......p.h.....F..!..;.{..Z.....=.;...p/.7Xj9.c'..B......'........J...^...a...$....T..{..fB.7..C.....i.o(.>.0#.\|...R...{.'L..H......<O%....G.........~....X+\|.7x.zb..i..K.o.F.>;0.njj.j..9..\|..v.R.}.....wS%\|.............+F.za........^.{..`]...p.T;..1I...6..)F.......D5..c...b0z.......0_...mK&.#.y..[....x.1A...N~..yo.U.t~/.L2j.-.G..afP...>K..V.p..G.\[.\...F.)....2.]...0b.Sa....g..`,.X..T.p.,.lh.>f.T/f....*i.8f#.XI..(l.z.s...F......zT..\|v... \|..(...J.%...p.j....Q.N.B.....

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 225 x 225, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2974
Entropy (8bit):	7.882383767695701
Encrypted:	false
SSDEEP:	48:bdA87jno0EegCavbhZwTJH2R6DUqGkMww+F8WMSrVm8KOgykgU69Aryt1fu4/4VT:bdAano0Eeyv9ZwT8R6/GkM5S8WMSmsgD
MD5:	237F47F500DC0A9AE91103831828731F
SHA1:	419A44F82EB05166083DCA1BCD59E3BA9461587C
SHA-256:	500917BA42B581B0EB80B73CEE28E2B8380E898583A017AEEA964340B420DF17
SHA-512:	DE856A9871D3E42E28ED9B0840264FF814EDBDD87B9970947D290421BB9CE40CCC50F78F0FEE8C5F30C6EFF808D3E273FAE272A600E930784AF7C33024255555
Malicious:	false
Reputation:	low
URL:	https://mato-vldcmm.click/static/images/anhfb.png
Preview:	.PNG........IHDR..............m"H....PLTE.w.....l..r..x..q..n........k......t..s...._.....Y..P..............h....................o.....y..(..A.....T......F........-...g..r.....IDATx............F...r.A....h9..X....j.n.u......X....&.......m...l.#..?.t>.mK0...7...._....j2.Kq...b..\.+...R\d....{..p:x.l........S........nd...X4........I{.U).;..H>........%....M._..sp...V\=..Ro.Sdor8..h>..U...,Z.=<.]....;.7.\...Ng.{.Y.<I...M8M..w2.!.H..b..%T.R.......Kp.v.s..+....(....6.A.1..Aa{..o.."......p.h.....F..!..;.{..Z.....=.;...p/.7Xj9.c'..B......'........J...^...a...$....T..{..fB.7..C.....i.o(.>.0#.\|...R...{.'L..H......<O%....G.........~....X+\|.7x.zb..i..K.o.F.>;0.njj.j..9..\|..v.R.}.....wS%\|.............+F.za........^.{..`]...p.T;..1I...6..)F.......D5..c...b0z.......0_...mK&.#.y..[....x.1A...N~..yo.U.t~/.L2j.-.G..afP...>K..V.p..G.\[.\...F.)....2.]...0b.Sa....g..`,.X..T.p.,.lh.>f.T/f....*i.8f#.XI..(l.z.s...F......zT..\|v... \|..(...J.%...p.j....Q.N.B.....

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:	3:HBj:5
MD5:	08CC51D2CCA815261A61D4BBEE664FA3
SHA1:	75F61D1BF51BF7935113D0082C4006FCEB685A33
SHA-256:	36C71E7D367A491BA739F290F7B62987D8050FB52A0E1B38C0DDCA451B0E8F52
SHA-512:	9DAFF132D0A7F66C721AF3952840C711EC6BFA2877DA1C838839F260879822F1C91B97D88B6992C0333D301BAD62A1D22501695FDC56C957C2849849B85EBB53
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCY9yLBtAV7EREgUNdwWkEiGC-b40X3NIHw==?alt=proto
Preview:	CgkKBw13BaQSGgA=

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3353
Entropy (8bit):	4.960311134290011
Encrypted:	false
SSDEEP:	48:FFQurLEk3rGjeIN7g8BTFxRgp9GKysBq4qWvkKy3Udirexhg4RL:v7rL141kkRxRSpq4qgirex+4RL
MD5:	87B7187F67E49C588733571A7FF7662E
SHA1:	5EE818B3F5963C501E57A24A23CAA02F111CB32B
SHA-256:	3EEE146619F13E5AAAD77E26626D7DCA9DB6496225663D74095F9690A1C781D4
SHA-512:	660AEEC973F6C92B335EA3931176E1EC5F0B125C7941A5A60337D6F209F1A66153373F4BE85818DDF73038A5103BA095FFF4DA3A606CC6A561618FDE820E686A
Malicious:	false
Reputation:	low
URL:	https://mato-vldcmm.click/static/js/4.js
Preview:	const messages = {.. en: {.. OTP1: "Don't be careless",.. otp1: "Incorrect OTP entered".. },.. it: {.. OTP1: "Non essere distratto",.. otp1: "OTP inserito non corretto".. },.. es: {.. OTP1: "No seas descuidado",.. otp1: "OTP ingresado incorrecto".. },.. de: {.. OTP1: "Sei nicht nachl.ssig",.. otp1: "Falscher OTP eingegeben".. },.. fr: {.. OTP1: "Ne sois pas n.gligent",.. otp1: "OTP incorrect saisi".. },.. id: {.. OTP1: "Jangan ceroboh",.. otp1: "OTP yang dimasukkan salah".. },.. ja: {.. OTP1: "...........",.. otp1: ".....OTP........".. },.. tw: {.. OTP1: "......",.. otp1: "...OTP...".. },.. th: {.. OTP1: "..........",.. otp1: ".... OTP ..........".. },.. ph: {.. OTP1: "Huwag magi

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 800 x 162, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	20853
Entropy (8bit):	7.983063609715178
Encrypted:	false
SSDEEP:	384:QIgyhEB8XjcQzqc2PzYVlMaqMxkwuva9d4nUsDem+Z7JB:Q8GS4bcOmO3nwlaqJ7JB
MD5:	15DE4E2F02BB0541E47037D8238B261C
SHA1:	DA72297816F1EAA6AE4809A44EA3A36178A99ACC
SHA-256:	B310A4DE3273331BBD765E004C21B829ECD722512DFFAEF39D5F29E767144617
SHA-512:	AE97919DA9731E8BFECC05B2FC8DB2E7B05D14E761B935A85C120B1209ECF45120BDC4BF43951A7417576E00EDFBC125D7D4237B3DEF2D5405E3184132EA56FE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ...........&....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME.....9-.=....PyIDATx..w\|...........P ...Hb.$.Vk.h.....U+......uOD.P.U..U;..-&A"...@. C.I....G.u0....y.^....9..<g\|....r..o. ...8.d$J1.;..QB(. ..c..X..Ft!.,DX.....L....#....86.......(..../......8.....E ."2.?1........0..0.#}.....{..i G.V.=.l...MD.@B..x.D.7..J.tT.\|..&...Ix.z.5.%...._7Ab..a..a.$..3o..G...C).....4.(.>MB../....m..x.h...c.(q%.s.M.0.".I...0..0....s..HL.v..wK.i>...!y....3w......E..t..J..(...O.Yb.b..a..a...L......!2 MM...A.a.g@47.G.0.+.}.Vq...^..:....0..0L.l.S.\.D....H...z5.J.../.....v`.4.... :..y564....+....I.kmx..k..bp..c...9.....GY...a$.pF.....%....S..~w.?1~..w%...g.z......(g.^...#Q...;.C#....."R!...".RQ..w3p.5Bz....`..8c/..a....6......^%$Od...,...../\|...g..R..q6..{..f.....H\|..c........Z\Vy..!}((.s `mb..a.$.......-..Y....;...T...s..0%.,w.}2.Mz.7#..QmCE..#..i.g.x.....`..a.$X.i............(S....N]<*c.br.......Y.6.....

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 10:44:00.474570990 CET	49673	443	192.168.2.12	204.79.197.203
Mar 13, 2025 10:44:04.318753004 CET	49679	443	192.168.2.12	20.189.173.5
Mar 13, 2025 10:44:04.630697012 CET	49679	443	192.168.2.12	20.189.173.5
Mar 13, 2025 10:44:05.240123034 CET	49679	443	192.168.2.12	20.189.173.5
Mar 13, 2025 10:44:05.286978006 CET	49673	443	192.168.2.12	204.79.197.203
Mar 13, 2025 10:44:05.913292885 CET	443	49683	2.23.227.208	192.168.2.12
Mar 13, 2025 10:44:05.913388014 CET	443	49683	2.23.227.208	192.168.2.12
Mar 13, 2025 10:44:05.913455009 CET	49683	443	192.168.2.12	2.23.227.208
Mar 13, 2025 10:44:05.913491011 CET	49683	443	192.168.2.12	2.23.227.208
Mar 13, 2025 10:44:06.443249941 CET	49679	443	192.168.2.12	20.189.173.5
Mar 13, 2025 10:44:08.849462986 CET	49679	443	192.168.2.12	20.189.173.5
Mar 13, 2025 10:44:13.697598934 CET	49679	443	192.168.2.12	20.189.173.5
Mar 13, 2025 10:44:14.004750013 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:14.004781008 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:14.004853010 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:14.005245924 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:14.005259037 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:14.906065941 CET	49673	443	192.168.2.12	204.79.197.203
Mar 13, 2025 10:44:16.002638102 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:16.003060102 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:16.003073931 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:16.004111052 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:16.004203081 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:16.006314039 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:16.006381035 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:16.046699047 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:16.046716928 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:16.093564034 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:16.644313097 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:16.644356012 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:16.644495964 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:16.644973040 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:16.645009995 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:16.645080090 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:16.645771980 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:16.645787001 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:16.646315098 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:16.646337986 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.613015890 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.613429070 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.613445997 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.613657951 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.614231110 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.614243031 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.614464998 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.614531994 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.615356922 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.615413904 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.615581989 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.615653992 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.615968943 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.616035938 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.616235971 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.616251945 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.656929970 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.656960011 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:18.656972885 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:18.703119040 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.433674097 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.433691978 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.433751106 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.433773994 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.433821917 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.463473082 CET	49699	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.463494062 CET	443	49699	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.471008062 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.471544027 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.471594095 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.471721888 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.472162008 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.472187996 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.472250938 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.472656012 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.472672939 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.473062038 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.473077059 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.487890005 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.487922907 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.488106966 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.488620996 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.488632917 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.516315937 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.932086945 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.932113886 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.932164907 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.932178974 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.932193041 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:19.932246923 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.934426069 CET	49700	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:19.934443951 CET	443	49700	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.411623001 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.411935091 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.411959887 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.412996054 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.413093090 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.413467884 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.413537025 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.413661957 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.413672924 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.453898907 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.462261915 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.462605953 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.462629080 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.462984085 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.463551044 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.463623047 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.463737011 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.469851017 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.470221996 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.470246077 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.470592022 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.471237898 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.471302986 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.471611023 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:21.504333973 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:21.516333103 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.058837891 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.058871031 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.058942080 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.058989048 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.058989048 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.059748888 CET	49702	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.059768915 CET	443	49702	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.095640898 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.095653057 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.095665932 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.095681906 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.095717907 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.095824957 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.095824957 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.095846891 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.095918894 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.097690105 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.097747087 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.097789049 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.097815037 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.101299047 CET	49703	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.101314068 CET	443	49703	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.153269053 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.153301954 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.153340101 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.153397083 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.153420925 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.153440952 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.153501987 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.187161922 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.187186003 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.187268972 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.187297106 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.220710993 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.220762014 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.220791101 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.220796108 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.220869064 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.245431900 CET	49701	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.245465040 CET	443	49701	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.288361073 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.288409948 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.288494110 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.288893938 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.288906097 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.361906052 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.361975908 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.362098932 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.362133980 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.362140894 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.362215996 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.362554073 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.362593889 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.362853050 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.363364935 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.363399982 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.363691092 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.363717079 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:22.363981962 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:22.363996983 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:23.315525055 CET	49679	443	192.168.2.12	20.189.173.5
Mar 13, 2025 10:44:24.247495890 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.247931004 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.247944117 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.248325109 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.248684883 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.248743057 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.248999119 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.296324968 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.316842079 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.317188025 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.317199945 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.318272114 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.318358898 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.318939924 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.319001913 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.319166899 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.319174051 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.321628094 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.321866035 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.321886063 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.323019028 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.323082924 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.323498964 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.323565006 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.323671103 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.340974092 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.341836929 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.341850996 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.342920065 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.342987061 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.343427896 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.343494892 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.364326000 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.366199017 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.366208076 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.366216898 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.397434950 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.397445917 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.413072109 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.444330931 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.821537018 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.821566105 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.821626902 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.821643114 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.821691036 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.823051929 CET	49706	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.823065996 CET	443	49706	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.828109026 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:24.872324944 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:24.941914082 CET	49683	443	192.168.2.12	2.23.227.208
Mar 13, 2025 10:44:24.942290068 CET	49683	443	192.168.2.12	2.23.227.208
Mar 13, 2025 10:44:24.942428112 CET	49683	443	192.168.2.12	2.23.227.208
Mar 13, 2025 10:44:24.946634054 CET	443	49683	2.23.227.208	192.168.2.12
Mar 13, 2025 10:44:24.946966887 CET	443	49683	2.23.227.208	192.168.2.12
Mar 13, 2025 10:44:24.947127104 CET	443	49683	2.23.227.208	192.168.2.12
Mar 13, 2025 10:44:24.947137117 CET	443	49683	2.23.227.208	192.168.2.12
Mar 13, 2025 10:44:25.003469944 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.003498077 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.003505945 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.003520966 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.003557920 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.003578901 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.003592968 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.003643036 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.003643036 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.005625010 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.005650043 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.005660057 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.005693913 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.005705118 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.005716085 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.005779028 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.005800962 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.005821943 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.005860090 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.006831884 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.006911993 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.006917953 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.006932020 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.006977081 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.007033110 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.007241011 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.007258892 CET	443	49708	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.007288933 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.007309914 CET	49708	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.036115885 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.036144972 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.036251068 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.036251068 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.036267996 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.069170952 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.069219112 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.069274902 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.069308043 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.069308043 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.069343090 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.070030928 CET	49709	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.070059061 CET	443	49709	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.281913996 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.281943083 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.282010078 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.282013893 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.282058001 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.282953024 CET	49707	443	192.168.2.12	103.136.41.106
Mar 13, 2025 10:44:25.282973051 CET	443	49707	103.136.41.106	192.168.2.12
Mar 13, 2025 10:44:25.619826078 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:25.619934082 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:25.620007038 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:25.646091938 CET	49712	80	192.168.2.12	142.250.185.99
Mar 13, 2025 10:44:25.650758028 CET	80	49712	142.250.185.99	192.168.2.12
Mar 13, 2025 10:44:25.650856972 CET	49712	80	192.168.2.12	142.250.185.99
Mar 13, 2025 10:44:25.651114941 CET	49712	80	192.168.2.12	142.250.185.99
Mar 13, 2025 10:44:25.655795097 CET	80	49712	142.250.185.99	192.168.2.12
Mar 13, 2025 10:44:26.267115116 CET	80	49712	142.250.185.99	192.168.2.12
Mar 13, 2025 10:44:26.273581028 CET	49712	80	192.168.2.12	142.250.185.99
Mar 13, 2025 10:44:26.278251886 CET	80	49712	142.250.185.99	192.168.2.12
Mar 13, 2025 10:44:26.453066111 CET	80	49712	142.250.185.99	192.168.2.12
Mar 13, 2025 10:44:26.500283003 CET	49712	80	192.168.2.12	142.250.185.99
Mar 13, 2025 10:44:27.377121925 CET	49697	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:44:27.377142906 CET	443	49697	142.250.185.132	192.168.2.12
Mar 13, 2025 10:44:36.705637932 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:36.705684900 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:36.705792904 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:36.706193924 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:36.706203938 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:38.630583048 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:38.630759954 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:38.634103060 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:38.634125948 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:38.634421110 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:38.648325920 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:38.692352057 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.213392973 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.213423014 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.213430882 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.213525057 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.213543892 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.213587046 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.261004925 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.261028051 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.261172056 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.261194944 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.261255980 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.319632053 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.319662094 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.319761038 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.319777966 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.319817066 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.319962978 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.351893902 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.351912975 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.352014065 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.352031946 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.352047920 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.352247953 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.385870934 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.385920048 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.385988951 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.386008024 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.386058092 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.386058092 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.481441021 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.481461048 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.481563091 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.481586933 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.481713057 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.493195057 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.493211985 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.493479013 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.493500948 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.493772984 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.507791042 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.507806063 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.507898092 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.507910967 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.507993937 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.519510031 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.519526958 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.519670010 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.519700050 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.519785881 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.535720110 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.535738945 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.535880089 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.535906076 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.535972118 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.547338963 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.547357082 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.547450066 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.547466993 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.547599077 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.558829069 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.558845043 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.558918953 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.558943033 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.559030056 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.575861931 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.575880051 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.575948954 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.575974941 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.576040983 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.576138020 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.583693027 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.583780050 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.583791971 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.583868027 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.583972931 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.583991051 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.584006071 CET	49715	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.584012032 CET	443	49715	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.652689934 CET	49716	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.652735949 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.652818918 CET	49716	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.653383017 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.653424978 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.653619051 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.653939962 CET	49718	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.653975010 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.654042006 CET	49718	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.654797077 CET	49716	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.654808044 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.654959917 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.654974937 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.655380964 CET	49718	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.655405998 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.655405998 CET	49719	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.655447006 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.655576944 CET	49719	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.655988932 CET	49719	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.656013966 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.656310081 CET	49720	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.656332016 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:39.656415939 CET	49720	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.656508923 CET	49720	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:39.656528950 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.265124083 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.265839100 CET	49718	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.265853882 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.266439915 CET	49718	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.266444921 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.277313948 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.277766943 CET	49720	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.277796984 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.278186083 CET	49720	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.278191090 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.283586979 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.283966064 CET	49719	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.283988953 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.284399986 CET	49719	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.284404993 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.289011002 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.289397955 CET	49716	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.289424896 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.289808035 CET	49716	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.289813042 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.335525036 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.336267948 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.336303949 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.336747885 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.336754084 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.720880985 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.728411913 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.728471041 CET	49720	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.728549004 CET	49720	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.728570938 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.728586912 CET	49720	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.728593111 CET	443	49720	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.731905937 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.731945038 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.732023954 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.732227087 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.732240915 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.739438057 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.742280006 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.742341042 CET	49716	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.742487907 CET	49716	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.742505074 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.742516994 CET	49716	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.742522001 CET	443	49716	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.745625973 CET	49722	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.745652914 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.745806932 CET	49722	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.745980024 CET	49722	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.745991945 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.749591112 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.752619028 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.752723932 CET	49719	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.752749920 CET	49719	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.752763033 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.752774000 CET	49719	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.752779007 CET	443	49719	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.755703926 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.755753040 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.755820990 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.756021023 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.756036043 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.826792002 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.826827049 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.826888084 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.826894045 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.826940060 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.827162027 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.827183962 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.827195883 CET	49717	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.827202082 CET	443	49717	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.830741882 CET	49724	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.830786943 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.830926895 CET	49724	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.831142902 CET	49724	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.831163883 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.844961882 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.850822926 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.850879908 CET	49718	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.850981951 CET	49718	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.851001024 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.851012945 CET	49718	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.851020098 CET	443	49718	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.854145050 CET	49725	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.854183912 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:42.854330063 CET	49725	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.854463100 CET	49725	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:42.854476929 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.705569029 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.706340075 CET	49724	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.706371069 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.706481934 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.706871033 CET	49724	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.706876993 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.707312107 CET	49722	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.707331896 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.707706928 CET	49722	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.707712889 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.716597080 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.716957092 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.716984034 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.717514038 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.717534065 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.746628046 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.747178078 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.747216940 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.747721910 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.747729063 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.798474073 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.799228907 CET	49725	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.799246073 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:44.799778938 CET	49725	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:44.799783945 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.151797056 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.151858091 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.151964903 CET	49724	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.152369976 CET	49724	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.152394056 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.152405977 CET	49724	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.152412891 CET	443	49724	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.156342983 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.156382084 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.156553984 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.156824112 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.156840086 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.160898924 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.174510956 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.174541950 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.174601078 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.174603939 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.174696922 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.174880981 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.174880981 CET	49721	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.174897909 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.174909115 CET	443	49721	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.178594112 CET	49727	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.178639889 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.178721905 CET	49727	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.178987980 CET	49727	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.179003954 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.196693897 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.196767092 CET	49722	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.196891069 CET	49722	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.196907997 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.196921110 CET	49722	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.196927071 CET	443	49722	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.200414896 CET	49728	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.200437069 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.200529099 CET	49728	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.200782061 CET	49728	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.200793028 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.208084106 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.208137989 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.208214045 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.208213091 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.208256960 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.208508015 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.208534956 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.208549023 CET	49723	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.208555937 CET	443	49723	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.211966991 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.212007046 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.212089062 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.212333918 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.212348938 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.247677088 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.250627041 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.250711918 CET	49725	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.250834942 CET	49725	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.250850916 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.250895023 CET	49725	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.250901937 CET	443	49725	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.254770994 CET	49730	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.254806995 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:45.254901886 CET	49730	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.255052090 CET	49730	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:45.255068064 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.026932955 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.027558088 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.027578115 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.028050900 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.028055906 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.053047895 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.053811073 CET	49727	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.053844929 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.054275990 CET	49727	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.054280996 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.240720034 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.241312981 CET	49728	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.241327047 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.242311001 CET	49728	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.242316008 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.271893978 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.272473097 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.272497892 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.273053885 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.273063898 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.295150995 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.295773983 CET	49730	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.295795918 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.296230078 CET	49730	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.296236038 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.644350052 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.644438028 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.644499063 CET	49727	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.644706964 CET	49727	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.644723892 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.644733906 CET	49727	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.644742012 CET	443	49727	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.653717041 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.653754950 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.653841019 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.654010057 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.654038906 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.654090881 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.654098988 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.654154062 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.654412985 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.654427052 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.654841900 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.654864073 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.654875994 CET	49726	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.654882908 CET	443	49726	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.657615900 CET	49732	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.657634974 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.657689095 CET	49732	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.657871008 CET	49732	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.657881021 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.685838938 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.693432093 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.693500042 CET	49728	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.693670988 CET	49728	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.693685055 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.693696976 CET	49728	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.693701982 CET	443	49728	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.697710037 CET	49733	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.697757959 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.697911978 CET	49733	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.698132992 CET	49733	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.698148012 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.723655939 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.729502916 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.729546070 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.729578972 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.729600906 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.729768991 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.729779005 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.729818106 CET	49729	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.729823112 CET	443	49729	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.733447075 CET	49734	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.733489037 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.733743906 CET	49734	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.734004974 CET	49734	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.734026909 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.752737045 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.755661011 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.755748034 CET	49730	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.755880117 CET	49730	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.755893946 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.755906105 CET	49730	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.755911112 CET	443	49730	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.758902073 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.758929968 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:47.759232044 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.759433985 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:47.759445906 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.576617002 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.577234030 CET	49732	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.577254057 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.577754974 CET	49732	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.577760935 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.586308002 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.586723089 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.586745977 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.587129116 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.587136030 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.594784021 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.595155001 CET	49734	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.595176935 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.595520020 CET	49734	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.595525980 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.648300886 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.648900986 CET	49733	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.648926020 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.649363041 CET	49733	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.649369955 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.735090017 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.736095905 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.736112118 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:49.737226963 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:49.737234116 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.019774914 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.019839048 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.019958973 CET	49732	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.020225048 CET	49732	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.020241976 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.020293951 CET	49732	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.020302057 CET	443	49732	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.023570061 CET	49736	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.023613930 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.023700953 CET	49736	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.023952961 CET	49736	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.023967028 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.036493063 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.036520958 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.036567926 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.036596060 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.036649942 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.036907911 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.036907911 CET	49731	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.036925077 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.036940098 CET	443	49731	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.040327072 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.040352106 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.040642023 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.040651083 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.040709019 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.040885925 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.040899038 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.040910006 CET	49734	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.040941000 CET	49734	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.040941000 CET	49734	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.040956974 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.040966034 CET	443	49734	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.043766975 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.043795109 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.044116020 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.044348955 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.044361115 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.116523981 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.116580963 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.116655111 CET	49733	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.117717981 CET	49733	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.117739916 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.117749929 CET	49733	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.117755890 CET	443	49733	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.126092911 CET	49739	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.126140118 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.126204967 CET	49739	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.126409054 CET	49739	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.126424074 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.186954975 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.199950933 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.200042963 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.200047016 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.200119972 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.200251102 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.200251102 CET	49735	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.200272083 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.200282097 CET	443	49735	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.204018116 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.204051018 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:50.204303026 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.204519033 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:50.204534054 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.346507072 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.351404905 CET	49736	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.351419926 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.352202892 CET	49736	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.352216959 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.503447056 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.505390882 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.530988932 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.531007051 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.531749010 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.531754017 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.532107115 CET	49739	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.532143116 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.532804012 CET	49739	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.532809973 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.563033104 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.579632044 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.609210968 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.624804020 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.787237883 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.793768883 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.795205116 CET	49736	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.812732935 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.812767029 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.812803030 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.812843084 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.813364029 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.813364983 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.813370943 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.813374996 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.813911915 CET	49736	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.813911915 CET	49736	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.813927889 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.813937902 CET	443	49736	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.824744940 CET	49741	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.824784994 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.824968100 CET	49741	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.827061892 CET	49741	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.827073097 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.952013969 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.952069998 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.952116013 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.952126980 CET	49739	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.952164888 CET	49739	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.953368902 CET	49739	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.953387976 CET	443	49739	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.954070091 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.954093933 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.954161882 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.954174995 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.954211950 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.955609083 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.955621958 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.955667019 CET	49737	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.955672979 CET	443	49737	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.959927082 CET	49742	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.959964991 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.960045099 CET	49742	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.960213900 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.960238934 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.960299969 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.960530043 CET	49742	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.960546017 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:52.960580111 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:52.960592031 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.176393986 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.176471949 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.176558971 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.176873922 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.176898003 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.176908016 CET	49740	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.176914930 CET	443	49740	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.178147078 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.178222895 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.178273916 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.178417921 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.178436041 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.178447008 CET	49738	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.178452969 CET	443	49738	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.181067944 CET	49745	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.181071043 CET	49744	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.181102037 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.181102991 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.181181908 CET	49744	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.181324005 CET	49745	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.181328058 CET	49745	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.181355953 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:53.181418896 CET	49744	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:53.181433916 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:54.714946985 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:54.715888023 CET	49741	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:54.715917110 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:54.716428995 CET	49741	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:54.716437101 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:54.950860023 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:54.953737974 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:54.953757048 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:54.954229116 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:54.954235077 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:54.981895924 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.000263929 CET	49742	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.000273943 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.000757933 CET	49742	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.000765085 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.067318916 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.083583117 CET	49745	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.083600044 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.084111929 CET	49745	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.084117889 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.160501003 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.172436953 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.172615051 CET	49741	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.176104069 CET	49741	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.176124096 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.176146030 CET	49741	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.176151991 CET	443	49741	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.205003977 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.228756905 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.228799105 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.229269981 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.235869884 CET	49744	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.235918045 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.243196011 CET	49744	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.243220091 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.247078896 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.247106075 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.412054062 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.417727947 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.417779922 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.417804003 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.417853117 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.417931080 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.417954922 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.417969942 CET	49743	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.417975903 CET	443	49743	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.421152115 CET	49747	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.421174049 CET	443	49747	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.421269894 CET	49747	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.421466112 CET	49747	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.421478987 CET	443	49747	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.423089027 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.423155069 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.423302889 CET	49742	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.423336983 CET	49742	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.423345089 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.423357010 CET	49742	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.423363924 CET	443	49742	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.425622940 CET	49748	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.425669909 CET	443	49748	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.425741911 CET	49748	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.425877094 CET	49748	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.425900936 CET	443	49748	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.517052889 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.520093918 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.520196915 CET	49745	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.520272970 CET	49745	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.520272970 CET	49745	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.520288944 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.520298958 CET	443	49745	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.523592949 CET	49749	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.523614883 CET	443	49749	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.523762941 CET	49749	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.523920059 CET	49749	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.523930073 CET	443	49749	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.657576084 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.660162926 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.660262108 CET	49744	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.660324097 CET	49744	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.660324097 CET	49744	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.660343885 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.660348892 CET	443	49744	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.669286966 CET	49750	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.669326067 CET	443	49750	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:55.669425011 CET	49750	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.669610977 CET	49750	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:55.669625044 CET	443	49750	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.069747925 CET	443	49747	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.069827080 CET	49747	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.074770927 CET	49747	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.074795008 CET	443	49747	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.079929113 CET	49751	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.079993010 CET	443	49751	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.080085993 CET	49751	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.080379963 CET	49751	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.080395937 CET	443	49751	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.094151974 CET	443	49748	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.094219923 CET	49748	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.094280005 CET	49748	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.094297886 CET	443	49748	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.094624043 CET	49752	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.094635010 CET	443	49752	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.094707966 CET	49752	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.095048904 CET	49752	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.095057964 CET	443	49752	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.163528919 CET	443	49749	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.163602114 CET	49749	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.163641930 CET	49749	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.163650036 CET	443	49749	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.163978100 CET	49753	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.163995981 CET	443	49753	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.164093018 CET	49753	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.164319992 CET	49753	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.164330006 CET	443	49753	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.409835100 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.410756111 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.410810947 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.410959959 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.410970926 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.410991907 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.422818899 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.422830105 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.716655970 CET	443	49750	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.716794014 CET	49750	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.716873884 CET	49750	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.716887951 CET	443	49750	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.717190981 CET	49754	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.717231989 CET	443	49754	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.717437983 CET	49754	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.717729092 CET	49754	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.717747927 CET	443	49754	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.780006886 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.781342983 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.781358957 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.781371117 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.781374931 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:58.781404018 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:58.781408072 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:59.146765947 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:59.188421011 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:59.282644987 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:59.286343098 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:59.286361933 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:59.660733938 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:44:59.664581060 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:44:59.664603949 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.043030977 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.046677113 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.046703100 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.399218082 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.402726889 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.402744055 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.753896952 CET	443	49752	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.753974915 CET	49752	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.754031897 CET	49752	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.754044056 CET	443	49752	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.756697893 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.756714106 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.821446896 CET	443	49751	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.822212934 CET	49751	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.822896957 CET	49751	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.822907925 CET	443	49751	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.825826883 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.825836897 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.887384892 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:00.890985012 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:00.891016960 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.137387037 CET	443	49753	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.137764931 CET	49753	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.137866020 CET	443	49753	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.137999058 CET	49753	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.139101982 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.140271902 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.140280962 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.140328884 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.142896891 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.142900944 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.233887911 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.237601995 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.237621069 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.331029892 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.334692001 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.334709883 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.500154018 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.512543917 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.512569904 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.605962992 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.609894037 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.609924078 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.670202017 CET	443	49754	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.670450926 CET	49754	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.670488119 CET	49754	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.670506001 CET	443	49754	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.673269033 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.673289061 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.699551105 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.703152895 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.703211069 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.705466032 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.748325109 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.936676025 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:01.940521955 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:01.940537930 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.137067080 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.140845060 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:02.140856981 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.146697998 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.187433004 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:02.188422918 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.201704025 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:02.201704025 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:02.201756954 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.202491045 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:02.244322062 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.297827005 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.343681097 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:02.499593973 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.546756029 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:02.549204111 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.549321890 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:02.645711899 CET	443	49746	13.107.246.76	192.168.2.12
Mar 13, 2025 10:45:02.687501907 CET	49746	443	192.168.2.12	13.107.246.76
Mar 13, 2025 10:45:14.048404932 CET	49758	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:45:14.048451900 CET	443	49758	142.250.185.132	192.168.2.12
Mar 13, 2025 10:45:14.048625946 CET	49758	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:45:14.049159050 CET	49758	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:45:14.049180031 CET	443	49758	142.250.185.132	192.168.2.12
Mar 13, 2025 10:45:16.794192076 CET	443	49758	142.250.185.132	192.168.2.12
Mar 13, 2025 10:45:16.794703007 CET	49758	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:45:16.794717073 CET	443	49758	142.250.185.132	192.168.2.12
Mar 13, 2025 10:45:16.796375990 CET	443	49758	142.250.185.132	192.168.2.12
Mar 13, 2025 10:45:16.796766996 CET	49758	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:45:16.797552109 CET	443	49758	142.250.185.132	192.168.2.12
Mar 13, 2025 10:45:16.845818996 CET	49758	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:45:25.817257881 CET	443	49758	142.250.185.132	192.168.2.12
Mar 13, 2025 10:45:25.817337990 CET	443	49758	142.250.185.132	192.168.2.12
Mar 13, 2025 10:45:25.817563057 CET	49758	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:45:26.922096968 CET	49712	80	192.168.2.12	142.250.185.99
Mar 13, 2025 10:45:26.927021980 CET	80	49712	142.250.185.99	192.168.2.12
Mar 13, 2025 10:45:26.927112103 CET	49712	80	192.168.2.12	142.250.185.99
Mar 13, 2025 10:45:27.377429008 CET	49758	443	192.168.2.12	142.250.185.132
Mar 13, 2025 10:45:27.377465010 CET	443	49758	142.250.185.132	192.168.2.12

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 10:44:10.343295097 CET	53	56024	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:10.346867085 CET	53	53785	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:13.837726116 CET	53	49605	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:13.995115995 CET	52358	53	192.168.2.12	1.1.1.1
Mar 13, 2025 10:44:13.995703936 CET	57091	53	192.168.2.12	1.1.1.1
Mar 13, 2025 10:44:14.002523899 CET	53	57091	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:14.002594948 CET	53	52358	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:14.010227919 CET	53	56876	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:16.296329021 CET	58938	53	192.168.2.12	1.1.1.1
Mar 13, 2025 10:44:16.298773050 CET	49541	53	192.168.2.12	1.1.1.1
Mar 13, 2025 10:44:16.589642048 CET	53	58938	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:16.693872929 CET	53	49541	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:22.075082064 CET	53	54062	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:22.107172966 CET	63138	53	192.168.2.12	1.1.1.1
Mar 13, 2025 10:44:22.107553959 CET	62749	53	192.168.2.12	1.1.1.1
Mar 13, 2025 10:44:22.309077978 CET	53	63138	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:22.405236959 CET	53	62749	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:31.165792942 CET	53	49935	1.1.1.1	192.168.2.12
Mar 13, 2025 10:44:50.010854006 CET	53	58972	1.1.1.1	192.168.2.12
Mar 13, 2025 10:45:05.604562044 CET	138	138	192.168.2.12	192.168.2.255
Mar 13, 2025 10:45:09.977112055 CET	53	62513	1.1.1.1	192.168.2.12
Mar 13, 2025 10:45:12.761543036 CET	53	56880	1.1.1.1	192.168.2.12
Mar 13, 2025 10:45:14.427313089 CET	53	55666	1.1.1.1	192.168.2.12

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 13, 2025 10:44:16.693984032 CET	192.168.2.12	1.1.1.1	c22d	(Port unreachable)	Destination Unreachable
Mar 13, 2025 10:44:22.405365944 CET	192.168.2.12	1.1.1.1	c22d	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2025 10:44:13.995115995 CET	192.168.2.12	1.1.1.1	0xb3c4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:44:13.995703936 CET	192.168.2.12	1.1.1.1	0x6562	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 13, 2025 10:44:16.296329021 CET	192.168.2.12	1.1.1.1	0x502a	Standard query (0)	mato-vldcmm.click	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:44:16.298773050 CET	192.168.2.12	1.1.1.1	0xfe92	Standard query (0)	mato-vldcmm.click	65	IN (0x0001)	false
Mar 13, 2025 10:44:22.107172966 CET	192.168.2.12	1.1.1.1	0x376d	Standard query (0)	mato-vldcmm.click	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:44:22.107553959 CET	192.168.2.12	1.1.1.1	0xcbc8	Standard query (0)	mato-vldcmm.click	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 13, 2025 10:44:14.002523899 CET	1.1.1.1	192.168.2.12	0x6562	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 13, 2025 10:44:14.002594948 CET	1.1.1.1	192.168.2.12	0xb3c4	No error (0)	www.google.com	142.250.185.132	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:44:16.589642048 CET	1.1.1.1	192.168.2.12	0x502a	No error (0)	mato-vldcmm.click	103.136.41.106	A (IP address)	IN (0x0001)	false
Mar 13, 2025 10:44:22.309077978 CET	1.1.1.1	192.168.2.12	0x376d	No error (0)	mato-vldcmm.click	103.136.41.106	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mato-vldcmm.click

otelrules.svc.static.microsoft

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.12	49712	142.250.185.99	80

Timestamp	Bytes transferred	Direction	Data
Mar 13, 2025 10:44:25.651114941 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 13, 2025 10:44:26.267115116 CET	223	IN	HTTP/1.1 304 Not Modified Date: Thu, 13 Mar 2025 09:22:23 GMT Expires: Thu, 13 Mar 2025 10:12:23 GMT Age: 1323 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 13, 2025 10:44:26.273581028 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 13, 2025 10:44:26.453066111 CET	223	IN	HTTP/1.1 304 Not Modified Date: Thu, 13 Mar 2025 09:22:26 GMT Expires: Thu, 13 Mar 2025 10:12:26 GMT Age: 1320 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Mar 13, 2025 10:44:58.410810947 CET	13.107.246.76	443	192.168.2.12	49746	CN=otelrules.svc.static.microsoft, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 01:57:58 CET 2025 Thu Jun 08 02:00:00 CEST 2023 Thu Aug 01 14:00:00 CEST 2013	Sun Aug 03 02:57:58 CEST 2025 Wed Aug 26 01:59:59 CEST 2026 Fri Jan 15 13:00:00 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
					CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 08 02:00:00 CEST 2023	Wed Aug 26 01:59:59 CEST 2026
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.12	49699	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:18 UTC	668	OUT	GET /4 HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 09:44:19 UTC	271	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2401 Connection: close Vary: Cookie Set-Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA; HttpOnly; Path=/
2025-03-13 09:44:19 UTC	2401	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 6f 75 6e 74 20 76 65 72 69 66 69 63 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <title>Account verification</title> <link rel="stylesheet" type="tex

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.12	49700	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:19 UTC	633	OUT	GET /static/css/4.css HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://mato-vldcmm.click/4 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
2025-03-13 09:44:19 UTC	274	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:19 GMT Content-Type: text/css; charset=utf-8 Content-Length: 2756 Connection: close Content-Disposition: inline; filename=4.css Last-Modified: Sat, 08 Feb 2025 20:45:17 GMT Cache-Control: no-cache
2025-03-13 09:44:19 UTC	2756	IN	Data Raw: 62 6f 64 79 20 7b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 20 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 32 35 31 2c 20 32 34 33 2c 20 32 34 33 29 3b 0d 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 78 3a 20 68 69 64 64 65 6e 3b 0d 0a 7d 0d 0a 0d 0a 2e 6c 6f 70 33 20 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 32 32 31 2c 20 32 31 31 2c 20 32 31 31 29 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 25 3b 0d 0a 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0d 0a 20 20 20 20 64 69 73 Data Ascii: body { height: 100%; margin: 0; width: 100%; background-color: rgb(251, 243, 243); overflow-x: hidden;}.lop3 { background-color: rgb(221, 211, 211); height: 10%; max-width: 100%; margin: 0 auto; dis

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.12	49703	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:21 UTC	685	OUT	GET /static/images/anh5.png HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mato-vldcmm.click/4 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
2025-03-13 09:44:22 UTC	264	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:21 GMT Content-Type: image/png Content-Length: 20853 Connection: close Content-Disposition: inline; filename=anh5.png Last-Modified: Sat, 16 Nov 2024 21:56:53 GMT Cache-Control: no-cache
2025-03-13 09:44:22 UTC	16120	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 20 00 00 00 a2 08 06 00 00 00 b9 e0 a9 26 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 00 07 74 49 4d 45 07 e8 07 09 06 39 2d b6 3d 0d a8 00 00 50 79 49 44 41 54 78 da ed 9d 77 7c d5 d5 f9 c7 df cf f7 de 1b c2 12 50 20 83 15 14 48 62 84 24 a2 56 6b ab 68 ad a3 d6 da a5 d5 aa 55 2b e2 de b3 0e b8 e0 1e 75 4f 44 ed 50 7f 55 ba 1c 55 3b a5 c3 2d 26 41 22 09 a0 82 40 06 20 43 19 49 ee bd df e7 f7 47 b0 75 30 02 dc f3 bd eb 79 bf 5e bc 94 91 ef 39 df e7 3c 67 7c be e7 9c e7 11 72 8d 09 6f f5 20 b6 d3 91 84 38 04 Data Ascii: PNGIHDR &gAMAa cHRMz&u0`:pQ<bKGDtIME9-=PyIDATxw\|P Hb$VkhU+uODPUU;-&A"@ CIGu0y^9<g\|ro 8
2025-03-13 09:44:22 UTC	4733	IN	Data Raw: c0 c5 5e 5f 5c 56 7d 79 26 d9 a9 b0 ac ea 24 54 9f 27 f8 40 4c 9b 11 20 57 cb 1c e0 a3 a4 89 0e 65 6b 36 0e f7 26 1e af 63 72 fc d8 24 08 8f 30 93 3b 4e 45 e2 b3 51 be 9f 42 fb d6 b0 63 f8 0a 9b 56 37 70 77 e1 23 c0 33 69 52 9b 23 f0 12 b3 b9 78 e5 f7 92 20 3c c6 30 a9 6d 21 aa c7 07 56 7b a5 9e a8 b4 99 53 19 46 76 d1 34 67 c4 2f 02 3c cb 0e ca 61 6b 23 bd fe 56 38 a2 7a 40 a6 db ae b8 ac fa d8 44 c2 9f 09 ba a5 d0 b2 fd 12 f0 f4 8e 23 be b2 43 26 bc 97 af e2 5c 80 08 8c 29 2c ab fa 49 a6 fb 80 f8 e1 9f 03 81 e6 59 53 f4 86 a2 d2 aa 87 18 3b 36 92 ce b6 29 29 19 97 5f 54 56 fd 80 c0 a3 1a 78 0a 8a 2d 09 10 08 24 21 d2 66 28 00 7d 82 c9 b1 ff 10 8d 7f 67 ab 8f c9 dc a8 7d 98 d2 71 12 12 af 07 99 0a a4 f2 92 dd 5a bc c4 b1 9c 2b ed 18 ff 23 ce a9 c0 52 a7 Data Ascii: ^_\V}y&$T'@L Wek6&cr$0;NEQBcV7pw#3iR#x <0m!V{SFv4g/<ak#V8z@D#C&\),IYS;6))_TVx-$!f(}g}qZ+#R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.12	49701	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:21 UTC	687	OUT	GET /static/images/aanh77.jpg HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mato-vldcmm.click/4 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
2025-03-13 09:44:22 UTC	267	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:21 GMT Content-Type: image/jpeg Content-Length: 46927 Connection: close Content-Disposition: inline; filename=aanh77.jpg Last-Modified: Fri, 07 Feb 2025 07:39:34 GMT Cache-Control: no-cache
2025-03-13 09:44:22 UTC	16117	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 2b 3e 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 0a 00 0b 00 02 00 00 00 26 00 00 08 92 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 08 b8 01 1b 00 05 00 00 00 01 00 00 08 c0 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 26 00 00 08 c8 01 32 00 02 00 00 00 14 00 00 08 ee 02 13 00 03 00 00 00 01 00 01 00 00 87 69 00 04 00 00 00 01 00 00 09 02 ea 1c 00 07 00 00 08 0c 00 00 00 86 00 00 12 36 1c ea 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: JFIF``+>ExifMM*&(1&2i6
2025-03-13 09:44:22 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2025-03-13 09:44:22 UTC	14426	IN	Data Raw: 2a e2 68 c3 1b 46 b7 2b 67 b3 85 c0 fb 48 aa 8a 56 3b ff 00 84 7a f4 5a 1f c4 28 23 89 f3 65 78 4d b6 e3 df 77 2a 7f 3c 7e 66 bb 3f da d7 4f fb 67 c1 3d 4e 5c 13 f6 59 ed e7 3e d8 7c 1f fd 0a bc 52 c6 e5 ac 2f 6d ee 62 f9 5a 07 12 2f e0 73 5f 49 fc 63 d2 c7 8c 3e 0d f8 92 18 c6 4d d6 98 f3 20 f7 0a 24 1f ca bf a6 b8 66 a3 c3 55 a2 a6 ef ca e3 a9 f9 17 89 39 7f 2c 3d aa de 51 6b e6 7e 71 74 e3 bf 7a 29 03 6f c1 ce 09 e7 6d 2d 7f 62 c5 a9 45 49 76 3f 8d 9a b3 69 85 14 51 54 48 51 45 14 00 51 45 14 00 51 45 14 00 51 45 14 0d 6e 78 1f c7 cf f9 1a ac bf eb cd 7f f4 26 af 33 af 4c f8 f9 ff 00 23 55 97 fd 79 af fe 84 d5 e6 75 f8 86 71 fe fd 53 d4 fd 53 2d ff 00 74 a7 e8 15 f4 cf ec 3b ff 00 23 07 8a ff 00 eb ce 1f fd 19 5f 33 57 d3 5f b0 f7 fc 8c 1e 2b ff 00 af Data Ascii: hF+gHV;zZ(#exMw<~f?Og=N\Y>\|R/mbZ/s_Ic>M $fU9,=Qk~qtz)om-bEIv?iQTHQEQEQEQEnx&3L#UyuqSS-t;#_3W_+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.12	49702	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:21 UTC	617	OUT	GET /static/js/4.js HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mato-vldcmm.click/4 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
2025-03-13 09:44:22 UTC	287	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:21 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 3353 Connection: close Content-Disposition: inline; filename=4.js Last-Modified: Sat, 22 Feb 2025 12:46:32 GMT Cache-Control: no-cache
2025-03-13 09:44:22 UTC	3353	IN	Data Raw: 63 6f 6e 73 74 20 6d 65 73 73 61 67 65 73 20 3d 20 7b 0d 0a 20 20 20 20 65 6e 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 4f 54 50 31 3a 20 22 44 6f 6e 27 74 20 62 65 20 63 61 72 65 6c 65 73 73 22 2c 0d 0a 20 20 20 20 20 20 20 20 6f 74 70 31 3a 20 22 49 6e 63 6f 72 72 65 63 74 20 4f 54 50 20 65 6e 74 65 72 65 64 22 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 69 74 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 4f 54 50 31 3a 20 22 4e 6f 6e 20 65 73 73 65 72 65 20 64 69 73 74 72 61 74 74 6f 22 2c 0d 0a 20 20 20 20 20 20 20 20 6f 74 70 31 3a 20 22 4f 54 50 20 69 6e 73 65 72 69 74 6f 20 6e 6f 6e 20 63 6f 72 72 65 74 74 6f 22 0d 0a 20 20 20 20 7d 2c 0d 0a 20 20 20 20 65 73 3a 20 7b 0d 0a 20 20 20 20 20 20 20 20 4f 54 50 31 3a 20 22 4e 6f 20 73 65 61 73 20 64 65 73 63 75 69 Data Ascii: const messages = { en: { OTP1: "Don't be careless", otp1: "Incorrect OTP entered" }, it: { OTP1: "Non essere distratto", otp1: "OTP inserito non corretto" }, es: { OTP1: "No seas descui

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.12	49706	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:24 UTC	686	OUT	GET /static/images/anhfb.png HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mato-vldcmm.click/4 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
2025-03-13 09:44:24 UTC	264	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:24 GMT Content-Type: image/png Content-Length: 2974 Connection: close Content-Disposition: inline; filename=anhfb.png Last-Modified: Tue, 10 Dec 2024 17:30:07 GMT Cache-Control: no-cache
2025-03-13 09:44:24 UTC	2974	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e1 00 00 00 e1 08 03 00 00 00 09 6d 22 48 00 00 00 84 50 4c 54 45 18 77 f2 ff ff ff 00 6c f1 00 72 f1 16 78 f2 00 71 f2 00 6e f1 f1 f7 fe a4 c2 f8 00 6b f1 92 b6 f7 8b b3 f7 0a 74 f2 00 73 f1 ed f4 fe 5f 99 f5 af c9 f9 59 96 f5 50 91 f4 ba d1 fa d6 e4 fc c1 d6 fb e0 eb fd 68 9e f5 e3 ed fd a9 c6 f9 9a bc f8 f9 fc ff cb dd fb e1 ec fd 6f a2 f6 9e bf f8 79 a8 f6 28 7f f3 41 89 f4 2e 81 f3 54 93 f4 83 ad f7 c6 da fb 46 8c f3 d2 e1 fb b4 cd f9 2d 80 f3 00 67 f1 cb bb 72 94 00 00 0a d5 49 44 41 54 78 9c dd dd d9 82 e2 aa 16 06 e0 04 04 8d d2 46 cb a9 d4 ea 72 aa 41 eb bc ff fb 9d 68 39 c5 84 04 58 fc c1 dd eb 6a ef 8b 6e f3 75 08 e3 02 a2 b8 91 58 f6 ff 8e df 26 a3 c3 e0 18 87 d1 e4 6d fc b7 bf 6c e6 a7 Data Ascii: PNGIHDRm"HPLTEwlrxqnkts_YPhoy(A.TF-grIDATxFrAh9XjnuX&ml

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.12	49708	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:24 UTC	479	OUT	GET /static/images/anh5.png HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
2025-03-13 09:44:24 UTC	264	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:24 GMT Content-Type: image/png Content-Length: 20853 Connection: close Content-Disposition: inline; filename=anh5.png Last-Modified: Sat, 16 Nov 2024 21:56:53 GMT Cache-Control: no-cache
2025-03-13 09:44:24 UTC	16120	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 20 00 00 00 a2 08 06 00 00 00 b9 e0 a9 26 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 00 07 74 49 4d 45 07 e8 07 09 06 39 2d b6 3d 0d a8 00 00 50 79 49 44 41 54 78 da ed 9d 77 7c d5 d5 f9 c7 df cf f7 de 1b c2 12 50 20 83 15 14 48 62 84 24 a2 56 6b ab 68 ad a3 d6 da a5 d5 aa 55 2b e2 de b3 0e b8 e0 1e 75 4f 44 ed 50 7f 55 ba 1c 55 3b a5 c3 2d 26 41 22 09 a0 82 40 06 20 43 19 49 ee bd df e7 f7 47 b0 75 30 02 dc f3 bd eb 79 bf 5e bc 94 91 ef 39 df e7 3c 67 7c be e7 9c e7 11 72 8d 09 6f f5 20 b6 d3 91 84 38 04 Data Ascii: PNGIHDR &gAMAa cHRMz&u0`:pQ<bKGDtIME9-=PyIDATxw\|P Hb$VkhU+uODPUU;-&A"@ CIGu0y^9<g\|ro 8
2025-03-13 09:44:25 UTC	4733	IN	Data Raw: c0 c5 5e 5f 5c 56 7d 79 26 d9 a9 b0 ac ea 24 54 9f 27 f8 40 4c 9b 11 20 57 cb 1c e0 a3 a4 89 0e 65 6b 36 0e f7 26 1e af 63 72 fc d8 24 08 8f 30 93 3b 4e 45 e2 b3 51 be 9f 42 fb d6 b0 63 f8 0a 9b 56 37 70 77 e1 23 c0 33 69 52 9b 23 f0 12 b3 b9 78 e5 f7 92 20 3c c6 30 a9 6d 21 aa c7 07 56 7b a5 9e a8 b4 99 53 19 46 76 d1 34 67 c4 2f 02 3c cb 0e ca 61 6b 23 bd fe 56 38 a2 7a 40 a6 db ae b8 ac fa d8 44 c2 9f 09 ba a5 d0 b2 fd 12 f0 f4 8e 23 be b2 43 26 bc 97 af e2 5c 80 08 8c 29 2c ab fa 49 a6 fb 80 f8 e1 9f 03 81 e6 59 53 f4 86 a2 d2 aa 87 18 3b 36 92 ce b6 29 29 19 97 5f 54 56 fd 80 c0 a3 1a 78 0a 8a 2d 09 10 08 24 21 d2 66 28 00 7d 82 c9 b1 ff 10 8d 7f 67 ab 8f c9 dc a8 7d 98 d2 71 12 12 af 07 99 0a a4 f2 92 dd 5a bc c4 b1 9c 2b ed 18 ff 23 ce a9 c0 52 a7 Data Ascii: ^_\V}y&$T'@L Wek6&cr$0;NEQBcV7pw#3iR#x <0m!V{SFv4g/<ak#V8z@D#C&\),IYS;6))_TVx-$!f(}g}qZ+#R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.12	49709	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:24 UTC	481	OUT	GET /static/images/aanh77.jpg HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
2025-03-13 09:44:25 UTC	267	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:24 GMT Content-Type: image/jpeg Content-Length: 46927 Connection: close Content-Disposition: inline; filename=aanh77.jpg Last-Modified: Fri, 07 Feb 2025 07:39:34 GMT Cache-Control: no-cache
2025-03-13 09:44:25 UTC	16117	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 2b 3e 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 0a 00 0b 00 02 00 00 00 26 00 00 08 92 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 08 b8 01 1b 00 05 00 00 00 01 00 00 08 c0 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 26 00 00 08 c8 01 32 00 02 00 00 00 14 00 00 08 ee 02 13 00 03 00 00 00 01 00 01 00 00 87 69 00 04 00 00 00 01 00 00 09 02 ea 1c 00 07 00 00 08 0c 00 00 00 86 00 00 12 36 1c ea 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: JFIF``+>ExifMM*&(1&2i6
2025-03-13 09:44:25 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2025-03-13 09:44:25 UTC	14426	IN	Data Raw: 2a e2 68 c3 1b 46 b7 2b 67 b3 85 c0 fb 48 aa 8a 56 3b ff 00 84 7a f4 5a 1f c4 28 23 89 f3 65 78 4d b6 e3 df 77 2a 7f 3c 7e 66 bb 3f da d7 4f fb 67 c1 3d 4e 5c 13 f6 59 ed e7 3e d8 7c 1f fd 0a bc 52 c6 e5 ac 2f 6d ee 62 f9 5a 07 12 2f e0 73 5f 49 fc 63 d2 c7 8c 3e 0d f8 92 18 c6 4d d6 98 f3 20 f7 0a 24 1f ca bf a6 b8 66 a3 c3 55 a2 a6 ef ca e3 a9 f9 17 89 39 7f 2c 3d aa de 51 6b e6 7e 71 74 e3 bf 7a 29 03 6f c1 ce 09 e7 6d 2d 7f 62 c5 a9 45 49 76 3f 8d 9a b3 69 85 14 51 54 48 51 45 14 00 51 45 14 00 51 45 14 00 51 45 14 0d 6e 78 1f c7 cf f9 1a ac bf eb cd 7f f4 26 af 33 af 4c f8 f9 ff 00 23 55 97 fd 79 af fe 84 d5 e6 75 f8 86 71 fe fd 53 d4 fd 53 2d ff 00 74 a7 e8 15 f4 cf ec 3b ff 00 23 07 8a ff 00 eb ce 1f fd 19 5f 33 57 d3 5f b0 f7 fc 8c 1e 2b ff 00 af Data Ascii: hF+gHV;zZ(#exMw<~f?Og=N\Y>\|R/mbZ/s_Ic>M $fU9,=Qk~qtz)om-bEIv?iQTHQEQEQEQEnx&3L#UyuqSS-t;#_3W_+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.12	49707	103.136.41.106	443	3944	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:24 UTC	480	OUT	GET /static/images/anhfb.png HTTP/1.1 Host: mato-vldcmm.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: session=eyJsYW5ndWFnZSI6ImVuIn0.Z9Ko8w._6gqv9B4NZE0cKPG-3UQLWguNWA
2025-03-13 09:44:25 UTC	264	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Thu, 13 Mar 2025 09:44:25 GMT Content-Type: image/png Content-Length: 2974 Connection: close Content-Disposition: inline; filename=anhfb.png Last-Modified: Tue, 10 Dec 2024 17:30:07 GMT Cache-Control: no-cache
2025-03-13 09:44:25 UTC	2974	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 e1 00 00 00 e1 08 03 00 00 00 09 6d 22 48 00 00 00 84 50 4c 54 45 18 77 f2 ff ff ff 00 6c f1 00 72 f1 16 78 f2 00 71 f2 00 6e f1 f1 f7 fe a4 c2 f8 00 6b f1 92 b6 f7 8b b3 f7 0a 74 f2 00 73 f1 ed f4 fe 5f 99 f5 af c9 f9 59 96 f5 50 91 f4 ba d1 fa d6 e4 fc c1 d6 fb e0 eb fd 68 9e f5 e3 ed fd a9 c6 f9 9a bc f8 f9 fc ff cb dd fb e1 ec fd 6f a2 f6 9e bf f8 79 a8 f6 28 7f f3 41 89 f4 2e 81 f3 54 93 f4 83 ad f7 c6 da fb 46 8c f3 d2 e1 fb b4 cd f9 2d 80 f3 00 67 f1 cb bb 72 94 00 00 0a d5 49 44 41 54 78 9c dd dd d9 82 e2 aa 16 06 e0 04 04 8d d2 46 cb a9 d4 ea 72 aa 41 eb bc ff fb 9d 68 39 c5 84 04 58 fc c1 dd eb 6a ef 8b 6e f3 75 08 e3 02 a2 b8 91 58 f6 ff 8e df 26 a3 c3 e0 18 87 d1 e4 6d fc b7 bf 6c e6 a7 Data Ascii: PNGIHDRm"HPLTEwlrxqnkts_YPhoy(A.TF-grIDATxFrAh9XjnuX&ml

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.12	49715	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:38 UTC	202	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:39 UTC	492	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:38 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 10 Mar 2025 13:15:17 GMT ETag: "0x8DD5FD59A5E5E0E" x-ms-request-id: 67465af2-201e-0071-327a-93ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094438Z-er1c6889b75dd5b7hC1CH129un00000004x0000000004h8v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:39 UTC	15892	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticuserinessImpact" S="70" DL="A" DCa="PSP PSU"
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 Data Ascii: <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 Data Ascii: 20v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="T
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d Data Ascii: T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F=
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a Data Ascii: alse"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C>
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 Data Ascii: I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="Cleanup
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 Data Ascii: </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R>
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 Data Ascii: </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C>
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" />
2025-03-13 09:44:39 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 Data Ascii: <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.12	49718	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:42 UTC	199	OUT	GET /rules/rule703050v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:42 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:42 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE9CC7A3E" x-ms-request-id: 83aff55b-201e-0071-6cfc-93ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094442Z-er1c6889b75w7tkvhC1CH1mysg00000009t0000000004cre x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2025-03-13 09:44:42 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 35 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 2e 49 6e 73 69 67 68 74 73 53 65 72 76 69 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 45 78 63 65 6c 49 6e 73 69 67 68 74 73 53 65 72 76 69 63 65 73 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703050" V="3" DC="SM" EN="Office.Telemetry.Event.Office.Excel.InsightsServices" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenExcelInsightsServices" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.12	49720	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:42 UTC	199	OUT	GET /rules/rule700100v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:42 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:42 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE9BA0663" x-ms-request-id: 7737259f-401e-0064-1f7a-9354af000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094442Z-er1c6889b75wmqrdhC1CH1qda800000004yg000000003e35 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:42 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 45 78 63 65 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700100" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Excel" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenExcel" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.12	49719	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:42 UTC	199	OUT	GET /rules/rule702100v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:42 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:42 GMT Content-Type: text/xml Content-Length: 1371 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE7DDEC0" x-ms-request-id: 9a4b7b8a-201e-0096-227a-93ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094442Z-er1c6889b754l2pbhC1CH1uwfc0000000ar0000000007hr0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:42 UTC	1371	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 2e 43 6f 61 75 74 68 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 45 78 63 65 6c 43 6f 61 75 74 68 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702100" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Excel.Coauth" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenExcelCoauth" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.12	49716	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:42 UTC	199	OUT	GET /rules/rule700101v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:42 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:42 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BED8AA404" x-ms-request-id: 39e9aa9b-f01e-0020-6d7a-93956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094442Z-er1c6889b757m2njhC1CH16ma80000000cyg000000004qy3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:42 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 45 78 63 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700101" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Excel.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenExce

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.12	49717	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:42 UTC	199	OUT	GET /rules/rule702101v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:42 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:42 GMT Content-Type: text/xml Content-Length: 1408 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7F89AC4" x-ms-request-id: be2b64f4-101e-0079-647a-935913000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094442Z-er1c6889b75w7tkvhC1CH1mysg00000009sg000000005r9r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:42 UTC	1408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 45 78 63 65 6c 2e 43 6f 61 75 74 68 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702101" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Excel.Coauth.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.12	49724	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:44 UTC	199	OUT	GET /rules/rule703550v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:45 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:44 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3F3631C" x-ms-request-id: 68e325bf-201e-005d-577a-93afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094444Z-er1c6889b75stsgbhC1CH1xm8g00000008ug00000000av4p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:45 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 6f 63 75 6d 65 6e 74 58 52 61 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 44 6f 63 75 6d 65 6e 74 58 52 61 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703550" V="0" DC="SM" EN="Office.Telemetry.Event.Office.DocumentXRay" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenDocumentXRay" S="Medium" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.12	49722	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:44 UTC	199	OUT	GET /rules/rule700950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:45 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:44 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE96D9F3D" x-ms-request-id: 52144bc7-a01e-003d-3c7a-9398d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094444Z-er1c6889b75b5t2shC1CH1rzy000000008v000000000crat x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:45 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 79 6e 61 6d 69 63 43 61 6e 76 61 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 69 6c 64 66 69 72 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.DynamicCanvas" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWildfire" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.12	49721	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:44 UTC	199	OUT	GET /rules/rule700951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:45 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:44 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8CC94C0" x-ms-request-id: 104f0c25-701e-0097-017a-93b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094444Z-er1c6889b75w7tkvhC1CH1mysg00000009p000000000b8v7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:45 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 79 6e 61 6d 69 63 43 61 6e 76 61 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.DynamicCanvas.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantT

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.12	49723	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:44 UTC	199	OUT	GET /rules/rule703551v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:45 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:45 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE572292" x-ms-request-id: 9a18249f-401e-0067-5a57-9309c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094445Z-er1c6889b75jt9l5hC1CH1xbq80000000c1g0000000047ys x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2025-03-13 09:44:45 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 6f 63 75 6d 65 6e 74 58 52 61 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703551" V="0" DC="SM" EN="Office.Telemetry.Event.Office.DocumentXRay.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.12	49725	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:44 UTC	199	OUT	GET /rules/rule700451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:45 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:45 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF341BCB" x-ms-request-id: 92b9d5fd-001e-005a-105c-93c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094445Z-er1c6889b75wmqrdhC1CH1qda800000004x0000000006d0v x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2025-03-13 09:44:45 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 6f 63 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 44 6f 63 73 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Docs.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenDocs"

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.12	49726	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:47 UTC	199	OUT	GET /rules/rule702701v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:47 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:47 GMT Content-Type: text/xml Content-Length: 1404 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD76594E" x-ms-request-id: 9a4b8a51-201e-0096-3e7a-93ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094447Z-er1c6889b75g9xr5hC1CH1uay400000004c00000000052bf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:47 UTC	1404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 6f 63 73 2e 41 70 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702701" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Docs.Apple.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.12	49727	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:47 UTC	199	OUT	GET /rules/rule702700v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:47 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:47 GMT Content-Type: text/xml Content-Length: 1367 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:04 GMT ETag: "0x8DC582BEBBC4213" x-ms-request-id: 7327dca7-c01e-00a2-587a-932327000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094447Z-er1c6889b75rzpn9hC1CH1gwt800000006sg00000000fkqv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:47 UTC	1367	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 6f 63 73 2e 41 70 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 44 6f 63 73 41 70 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702700" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Docs.Apple" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenDocsApple" S="Medium" /> <F T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.12	49728	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:47 UTC	199	OUT	GET /rules/rule700450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:47 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:47 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE57CD3FB" x-ms-request-id: b7234379-c01e-00a1-5e7a-937e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094447Z-er1c6889b75nhlgchC1CH170t400000003rg00000000demq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:47 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 6f 63 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 44 6f 63 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Docs" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenDocs" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.12	49729	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:47 UTC	199	OUT	GET /rules/rule701901v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:47 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:47 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE60DB429" x-ms-request-id: be2b71b8-101e-0079-0e7a-935913000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094447Z-er1c6889b754xznkhC1CH1vd8s0000000ck0000000000nyq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:47 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 39 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 69 61 67 6e 6f 73 74 69 63 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Diagnostics.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.12	49730	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:47 UTC	199	OUT	GET /rules/rule701900v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:47 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:47 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE44A7711" x-ms-request-id: 928ca3e0-401e-0035-1c5e-9382d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094447Z-er1c6889b75rzpn9hC1CH1gwt800000006t000000000ewx6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2025-03-13 09:44:47 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 39 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 69 61 67 6e 6f 73 74 69 63 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 44 69 61 67 6e 6f 73 74 69 63 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Diagnostics" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenDiagnostics" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.12	49732	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:49 UTC	199	OUT	GET /rules/rule704000v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:50 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:49 GMT Content-Type: text/xml Content-Length: 1382 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD58756F" x-ms-request-id: 01e01759-101e-000b-5a7a-935e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094449Z-er1c6889b758942khC1CH194cg00000004vg000000006k42 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:50 UTC	1382	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 34 30 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 69 61 67 6e 6f 73 74 69 63 73 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 44 69 61 67 6e 6f 73 74 69 63 73 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="704000" V="0" DC="SM" EN="Office.Telemetry.Event.Office.DiagnosticsSystem" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenDiagnosticsSystem" S="Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.12	49731	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:49 UTC	199	OUT	GET /rules/rule704001v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:50 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:49 GMT Content-Type: text/xml Content-Length: 1419 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDEC4EF80" x-ms-request-id: 286f1fcf-b01e-0021-4d7a-93cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094449Z-er1c6889b75khmfshC1CH16f7400000006700000000038se x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:50 UTC	1419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 34 30 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 44 69 61 67 6e 6f 73 74 69 63 73 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="704001" V="0" DC="SM" EN="Office.Telemetry.Event.Office.DiagnosticsSystem.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTen

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.12	49734	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:49 UTC	199	OUT	GET /rules/rule703250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:50 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:49 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:52 GMT ETag: "0x8DC582BE4B05315" x-ms-request-id: 088bc7f1-801e-007b-205c-93e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094449Z-er1c6889b754l2pbhC1CH1uwfc0000000asg0000000049e7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2025-03-13 09:44:50 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6f 72 65 55 49 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 6f 72 65 55 49 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.CoreUI" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCoreUI" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.12	49733	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:49 UTC	199	OUT	GET /rules/rule703251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:50 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:49 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE2D942BE" x-ms-request-id: 5f714c68-801e-002a-1f7a-9331dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094449Z-er1c6889b75kv2t4hC1CH1w8cw0000000ay000000000092e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:50 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6f 72 65 55 49 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.CoreUI.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCor

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.12	49735	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:49 UTC	199	OUT	GET /rules/rule702401v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:50 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:49 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7663425" x-ms-request-id: 98489c74-c01e-007a-597a-93b877000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094449Z-er1c6889b754l2pbhC1CH1uwfc0000000ap000000000b8g4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:50 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 34 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6f 6d 70 6c 69 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702401" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Compliance.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.12	49736	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:52 UTC	199	OUT	GET /rules/rule702400v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:52 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:52 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAC69440" x-ms-request-id: 853f7769-201e-003f-347a-936d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094452Z-er1c6889b75cflz8hC1CH1f4ks0000000cq000000000caha x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:52 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 34 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6f 6d 70 6c 69 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 6f 6d 70 6c 69 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702400" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Compliance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCompliance" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.12	49737	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:52 UTC	199	OUT	GET /rules/rule701551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:52 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:52 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE998C79E" x-ms-request-id: 2eab37ae-e01e-0003-0e7a-930fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094452Z-er1c6889b75mxx9bhC1CH1s51c0000000bp000000000bgft x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:52 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6c 69 63 6b 54 6f 52 75 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ClickToRun.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.12	49739	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:52 UTC	199	OUT	GET /rules/rule700301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:52 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:52 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB757F64" x-ms-request-id: 1bda7a40-a01e-0021-507a-93814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094452Z-er1c6889b75nhlgchC1CH170t400000003tg000000009zzx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:52 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 68 61 72 74 69 6e 67 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Charting.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenC

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.12	49738	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:52 UTC	199	OUT	GET /rules/rule701550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:53 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:52 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT ETag: "0x8DC582BED220670" x-ms-request-id: 5f834aa0-201e-000c-697a-9379c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094452Z-er1c6889b759lrmchC1CH11a4w00000007yg00000000g785 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:53 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 6c 69 63 6b 54 6f 52 75 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 6c 69 63 6b 54 6f 52 75 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ClickToRun" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenClickToRun" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.12	49740	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:52 UTC	199	OUT	GET /rules/rule700300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:53 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:52 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB30DF54" x-ms-request-id: d06b629b-b01e-003d-087a-93d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094452Z-er1c6889b754xznkhC1CH1vd8s0000000ce0000000009gx7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:53 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 68 61 72 74 69 6e 67 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 68 61 72 74 69 6e 67 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Charting" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCharting" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.12	49741	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:54 UTC	199	OUT	GET /rules/rule702001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:55 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:54 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB7EA38B" x-ms-request-id: 5425aeea-d01e-0082-027a-93e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094454Z-er1c6889b75vgjllhC1CH11kmc00000009n0000000009s6m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:55 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 61 6e 76 61 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Canvas.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCan

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.12	49743	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:54 UTC	199	OUT	GET /rules/rule702601v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:55 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:55 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:52 GMT ETag: "0x8DC582BE4B338DC" x-ms-request-id: 784a9b90-101e-0046-7b7a-9391b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094455Z-er1c6889b75t5ckthC1CH1x2cn0000000cpg000000006dpv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:55 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 75 74 6f 54 65 6d 70 6c 61 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702601" V="1" DC="SM" EN="Office.Telemetry.Event.Office.AutoTemplate.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.12	49742	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:54 UTC	199	OUT	GET /rules/rule702000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:55 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:55 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE46A7D87" x-ms-request-id: 6d2185ce-301e-0000-6c7a-93eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094455Z-er1c6889b757m2njhC1CH16ma80000000ctg00000000fhvx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:55 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 43 61 6e 76 61 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 43 61 6e 76 61 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Canvas" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenCanvas" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.12	49745	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:55 UTC	199	OUT	GET /rules/rule703201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:55 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:55 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE20AC65F" x-ms-request-id: 54006fc6-501e-00a3-417a-93c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094455Z-er1c6889b758942khC1CH194cg00000004ug0000000088th x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:55 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 75 67 4c 6f 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.AugLoop.Critical" SP="CriticuserinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAu

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.12	49744	13.107.246.76	443

Timestamp	Bytes transferred	Direction	Data
2025-03-13 09:44:55 UTC	199	OUT	GET /rules/rule702600v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.svc.static.microsoft
2025-03-13 09:44:55 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 13 Mar 2025 09:44:55 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE9956CBB" x-ms-request-id: fce591e8-e01e-0033-737a-934695000000 x-ms-version: 2018-03-28 x-azure-ref: 20250313T094455Z-er1c6889b75wmqrdhC1CH1qda800000004ug00000000bwb0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-03-13 09:44:55 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 36 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 41 75 74 6f 54 65 6d 70 6c 61 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 41 75 74 6f 54 65 6d 70 6c 61 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702600" V="1" DC="SM" EN="Office.Telemetry.Event.Office.AutoTemplate" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenAutoTemplate" S="Medium" /> <

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4600, Parent PID: 5852

General

Target ID:	5
Start time:	05:44:04
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff743610000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3944, Parent PID: 4600

General

Target ID:	6
Start time:	05:44:07
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4356601583853059159,6849157878571113239,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3
Imagebase:	0x7ff743610000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6912, Parent PID: 5852

General

Target ID:	12
Start time:	05:44:14
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mato-vldcmm.click/4"
Imagebase:	0x7ff743610000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://mato-vldcmm.click/4

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4600, Parent PID: 5852

General

Chronological Activities

Windows Analysis Report
https://mato-vldcmm.click/4