Edit tour

Windows Analysis Report
https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0

Overview

General Information

Sample URL:	https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUx
Analysis ID:	1559459
Infos:

Detection

KnowBe4

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected KnowBe4 simulated phishing

AI detected landing page (webpage, office document or email)

AI detected suspicious URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,1799070922863384488,5680841517388367676,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_67	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.1.pages.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security
1.0.pages.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected KnowBe4 simulated phishing

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_67, type: DROPPED

AI detected landing page (webpage, office document or email)

Source: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==	Joe Sandbox AI: Page contains button: 'View Document' Source: '1.0.pages.csv'
Source: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==	Joe Sandbox AI: Page contains button: 'View Document' Source: '1.1.pages.csv'

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://covid19.auth-verify.com

Source: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==	HTTP Parser: No favicon
Source: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.8:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.8:49738 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680 HTTP/1.1Host: covid19.auth-verify.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ== HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hubfs/241394/html_file/files/img/KB4-logo.png HTTP/1.1Host: cdn2.hubspot.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Eav6yS1hyZwo3x2&MD=4vYWh4rf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /hubfs/241394/html_file/files/img/KB4-logo.png HTTP/1.1Host: cdn2.hubspot.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure.encryptedconnection.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secure.encryptedconnection.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Eav6yS1hyZwo3x2&MD=4vYWh4rf HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: covid19.auth-verify.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: secure.encryptedconnection.net
Source: global traffic	DNS traffic detected: DNS query: cdn2.hubspot.net
Source: global traffic	DNS traffic detected: DNS query: preview.eu.knowbe4.com

Source: chromecache_67.2.dr	String found in binary or memory: http://preview.eu.knowbe4.com/XYU5xVWFIRkxUYzNvSCtxS1JlRHNMdndXU1ZQWmJtYjBBSGd4andEaWdlQXVSMnJaMUV2R
Source: chromecache_70.2.dr, chromecache_63.2.dr	String found in binary or memory: http://www.day.com/dam/1.0
Source: chromecache_70.2.dr, chromecache_63.2.dr	String found in binary or memory: http://www.day.com/jcr/cq/1.0
Source: chromecache_67.2.dr	String found in binary or memory: https://cdn2.hubspot.net/hubfs/241394/html_file/files/img/KB4-logo.png
Source: chromecache_74.2.dr	String found in binary or memory: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzc

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.8:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.8:49738 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@17/26@14/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,1799070922863384488,5680841517388367676,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,1799070922863384488,5680841517388367676,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://preview.eu.knowbe4.com/XYU5xVWFIRkxUYzNvSCtxS1JlRHNMdndXU1ZQWmJtYjBBSGd4andEaWdlQXVSMnJaMUV2R	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdn2.hubspot.net	104.18.87.62	true	false	high
landing.eu.knowbe4.com	52.209.169.238	true	false	unknown
preview.eu.knowbe4.com	18.165.220.3	true	false	unknown
www.google.com	142.250.181.68	true	false	high
covid19.auth-verify.com	unknown	unknown	true	unknown
secure.encryptedconnection.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://secure.encryptedconnection.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	false	high
https://secure.encryptedconnection.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	false	high
https://secure.encryptedconnection.net/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png	false	high
https://secure.encryptedconnection.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css	false	high
https://cdn2.hubspot.net/hubfs/241394/html_file/files/img/KB4-logo.png	false	high
https://secure.encryptedconnection.net/favicon.ico	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzc	chromecache_74.2.dr	false		high
http://preview.eu.knowbe4.com/XYU5xVWFIRkxUYzNvSCtxS1JlRHNMdndXU1ZQWmJtYjBBSGd4andEaWdlQXVSMnJaMUV2R	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
http://www.day.com/jcr/cq/1.0	chromecache_70.2.dr, chromecache_63.2.dr	false		high
http://www.day.com/dam/1.0	chromecache_70.2.dr, chromecache_63.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.87.62	cdn2.hubspot.net	United States	13335	CLOUDFLARENETUS	false
18.165.220.3	preview.eu.knowbe4.com	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
54.194.166.37	unknown	United States	16509	AMAZON-02US	false
52.209.169.238	landing.eu.knowbe4.com	United States	16509	AMAZON-02US	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1559459
Start date and time:	2024-11-20 15:08:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@17/26@14/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 64.233.165.84, 172.217.19.238, 34.104.35.123, 104.120.218.64, 199.232.214.172, 172.217.17.35, 192.229.221.95
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, landing.adobe.com, e4578.dscf.akamaiedge.net, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, landing.adobe.com.edgekey.net
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://covid19.auth-verify.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://covid19.auth-verify.com
URL: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNS Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "New message from Adobe file save", "prominent_button_name": "View Document", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNS Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "New message from Adobe file save", "prominent_button_name": "View Document", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false }

URL: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNS Model: Joe Sandbox AI	{ "brands": [ "KnowBe4" ] }
	{ "brands": [ "KnowBe4" ] }
URL: https://secure.encryptedconnection.net Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://secure.encryptedconnection.net
URL: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNS Model: Joe Sandbox AI	{ "brands": [ "KnowBe4" ] }
	{ "brands": [ "KnowBe4" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:09:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9781351409352896
Encrypted:	false
SSDEEP:	48:8P0djTL7kH0ZidAKZdA1oehwiZUklqehTy+3:8P8LHasy
MD5:	B3B66C21883A16DCE76DF7C05B014D0D
SHA1:	EE73DFD446609EF552435B4C4E3702298D355488
SHA-256:	81A04DE0DCAD6C76420210AC66778236165D9CE1E972C46A3BDF9E1E5D3E36FE
SHA-512:	258407A6B3EDEACE2DA8A17741950EB3C6B75508A8316A792982A14A8E3173115C1D939415C0A727B23AAC88E8218DAC6AEDBA6EDB6AC9759ECF896067528B75
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......C.U;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ItY(q....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY(q....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY(q....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY(q..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY+q...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............E\|z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:09:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.99454377601614
Encrypted:	false
SSDEEP:	48:8Cke0djTL7kH0ZidAKZdA1leh/iZUkAQkqehcy+2:8e8LHw9Qxy
MD5:	325995A4BA20E99B7E648020047EBB3F
SHA1:	45ADB78D7435EC0BBDADDF25C3A3743775E5D7FA
SHA-256:	844110607661120FEFCBFD7CC2458493EEA624861A9823788F266F8E908FC6E2
SHA-512:	1B3FA06F5D390F76304935A6A66A85FCFDC7C3E84525F5BB45D206AEFFC9C77955A82778110703BE5DC97A561946F15CA4A8ED26F615AAFF69F14D83BA3213B0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....~2.U;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ItY(q....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY(q....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY(q....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY(q..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY+q...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............E\|z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.007018800161166
Encrypted:	false
SSDEEP:	48:8y0djTL7bH0ZidAKZdA14t5eh7sFiZUkmgqeh7s6y+BX:8y8Lo4noy
MD5:	1CA67B3839B39C11BBC1C6E0368A0921
SHA1:	EEFEDD58285263331CCD48961BA0190E2C079935
SHA-256:	F164B43F5284CD4B9943E88DBDB200A754BA1E49E9D745200199CE731C891DC4
SHA-512:	D214B55DB1BC6207D7908F73B9B9CF3F56694D461BCD53C4790B7ABEAF9946098FA921A6CCF89A18E9A112550D5CF5D48983EC7FAC010ACEC31A534F1B94EDFF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ItY(q....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY(q....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY(q....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY(q..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............E\|z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:09:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991964558636649
Encrypted:	false
SSDEEP:	48:8x0djTL7kH0ZidAKZdA16ehDiZUkwqehQy+R:8x8LHriy
MD5:	67BEFC18349F1F881A226274374B3A56
SHA1:	55092927434F90D1B2F36725777A37965B01907A
SHA-256:	2350882D3A303A0FD9518CFE6BF4A2EB8967311BCED29531BB64C3A89EE3BDBB
SHA-512:	0E605BACB1ACD13228ABA826BF2ABBE50A43E2915008B7F51A174DDB43B730933D1DE20D2A2558B5860DC5C87922195DEBE399A06AAB2FF8FC0A717EF9DFD072
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....I:,.U;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ItY(q....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY(q....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY(q....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY(q..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY+q...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............E\|z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:09:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.98170637304794
Encrypted:	false
SSDEEP:	48:8v0djTL7kH0ZidAKZdA1UehBiZUk1W1qehWy+C:8v8LHL92y
MD5:	8077F1626E68C4214AE4A5AE80906E42
SHA1:	3A4561501D932F30A53E3585CC01747AC5245CD3
SHA-256:	8F41EB17301F80A707EC9F4C00EDF88F4EE7F9C6B987BD23E5BEF419B0BF58A9
SHA-512:	F08FE1C2073DCC9D40970C4551869B85D7DA119CF68CC225C5B00FFA767491FE541BC6966EBD44E3828EC78302A5CF02855DB3C27A527A0FEF33C6BF50B2DBCC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....U:.U;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ItY(q....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY(q....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY(q....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY(q..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY+q...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............E\|z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:09:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9922581428064645
Encrypted:	false
SSDEEP:	48:830djTL7kH0ZidAKZdA1duTrehOuTbbiZUk5OjqehOuTboy+yT+:838LHETYTbxWOvTboy7T
MD5:	C7FF957A09261E9879E89E3493E2B7CC
SHA1:	3470A3DF3339DDCECDD05445F5F4ADB62970FDF5
SHA-256:	BFA5C9D40AB634B08C2DBCC526744F180D44D42A1ACB9C878881F5F8616D3E7A
SHA-512:	F132FBFBF385693A8E2D7E25536F38B69EF54592A34EAD7ADAD54071DA49BB1FF29DEECC92019ADFB74C2B2E4FDCCBDC25A65C5E5F2C51F9EEB3DF77CC834E36
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......".U;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ItY(q....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY(q....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY(q....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY(q..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY+q...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............E\|z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 78 x 128, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3017
Entropy (8bit):	7.0872427587361075
Encrypted:	false
SSDEEP:	48:u5akZzWNKwsUN5VNtFNwCxdJNnPXrugomiJ/llDpbQHcbzJWOxRz5XOch95R3/S8:jkBWNbsUNnLbwCxdJNnPXruge1lZ5qcf
MD5:	4D49A54984F70D683CFD7B47E5983896
SHA1:	8AB9E2A631A51C6D0AF0DA13599E99AAE2E63544
SHA-256:	01A36B68B4C22545FDA334D8A73014D2B7ADE040E85A1A33B45072F7BA25AB97
SHA-512:	0477A2F4A81CF668E7A27C246F14D25BC5A0E001DA8F5A95AC3463EE78336722269D0A3FD1251B7B44A46366C1484FFD71AE3057AC9AD7016B0A754D899425E2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...N.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c012 1.149602, 2012/10/10-18:10:24 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:dam="http://www.day.com/dam/1.0". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:cq="http://www.day.com/jcr/cq/1.0". dc:format="image/png". dc:modified="2014-05-29T17:49:14.569Z". dam:Physicalwidthininches="-1.0". dam:sha1="1788692806f7a15a81f2043f6dbcadf1c536ca04". dam:extracted="2014-05-29T17:38:39.786Z". dam:MIMEtype="image/png". dam:Numberoftextualcomments="0". dam:Numberofimages="1". dam:Progressive="no". dam:Fileformat="PNG". dam:Bitsperpixel="8". dam:Physicalheightininches="-1.0". dam:Physicalwidthindpi="-1". dam:Physicalheightindpi="-1". tiff:ImageLength="128".

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5934
Entropy (8bit):	4.931906350831601
Encrypted:	false
SSDEEP:	96:fiIg+VsCy59sZUAcYLoX9U0JePXOBaxAzi80JeaOV7Fzu/B3qn6dk/nGgje/mPFd:fiP+VbyPsZxcYLot7SXsaCQuu/Nq66/v
MD5:	134D934420B13974981A9634B7380865
SHA1:	18C01D3711CF8C21C1CD0CF544002358C1C929C6
SHA-256:	B3C447F15FCE33DFA869B9D2190364509EDE3937AE05B51BA394A78E28C244BA
SHA-512:	7FAE93AD1895DCF7CC58FC2C477BA51D3EB7D7B2884FE117E21C0A7E0160981EB53D23A6ACDA07DA594AF6984F52E1B57B6F157F84220729C7EEBF9AE062C092
Malicious:	false
Reputation:	low
URL:	https://secure.encryptedconnection.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css
Preview:	/* line 2, app/assets/stylesheets/sei-styles.scss /.x-sei.sei-flag {. border-bottom: 2px solid tomato;. padding-left: 3px;.}../ line 6, app/assets/stylesheets/sei-styles.scss /.x-sei.sei-flag::before {. content: ' ';. display: inline-block;. background: url(/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png) no-repeat;. background-size: contain;. height: 12px;. width: 12px;. margin: 0 .1rem;.}../ line 16, app/assets/stylesheets/sei-styles.scss /.x-sei.sei-flag[generic='true'] {. display: block;. border-bottom: 0px;.}../ line 21, app/assets/stylesheets/sei-styles.scss /.x-sei.sei-flag[generic='true']::after {. font-family: "Courier New", Courier, monospace;. line-height: 1.8;. color: #b65555;. font-weight: bold;. content: attr(data-original-title);.}../ line 29, app/assets/stylesheets/sei-styles.scss */.x-sei.sei-flag[generic='true']::before {. content: ' ';. display: inline-block;. background: url(/assets/dark-flag-2846d82c5

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1471
Entropy (8bit):	4.754611179426391
Encrypted:	false
SSDEEP:	24:y40r8CQo40agx40mC400XLaR404hZYmx40vGk40vG/I40vGhH40VhZ40UrCmn:xdDgCFEiBZgnTOHTn
MD5:	15E89F9684B18EC43EE51F8D62A787C3
SHA1:	9CBAAACEAE96845ECD3497F41EE3B02588ABEC11
SHA-256:	16F13E16A7EF02FB6F94250AA1931DED83DBEE5D9FAD278E33DD5792D085194F
SHA-512:	79E0110A045F28437D192290AC9789270CB0D4E676A985564746DB439992D867BA89639D7738E2A7F7D83BBF37D9A02CAA2AE1DC4E0EE2519797E5840A47FABE
Malicious:	false
Reputation:	low
URL:	https://secure.encryptedconnection.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
Preview:	/* line 1, app/assets/stylesheets/landing-watermark.scss /..watermark {. -webkit-writing-mode: vertical-rl;. -ms-writing-mode: tb-rl;. writing-mode: vertical-rl;. text-orientation: sideways;.}../ line 4, app/assets/stylesheets/landing-watermark.scss /..watermark.left {. left: 0;.}../ line 7, app/assets/stylesheets/landing-watermark.scss /..watermark.right {. right: 0;.}../ line 10, app/assets/stylesheets/landing-watermark.scss /..watermark.top {. text-align: center;. -webkit-writing-mode: horizontal-tb;. -ms-writing-mode: lr-tb;. writing-mode: horizontal-tb;. top: -38px;.}../ line 15, app/assets/stylesheets/landing-watermark.scss /..watermark h1 {. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-size: 15px;. color: #fdfdfa;. font-weight: bold;.}../ line 24, app/assets/stylesheets/landing-watermark.scss /.#template_sei .watermark.left {. margin-left: -10px;.}../ li

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3168
Entropy (8bit):	7.704911325185365
Encrypted:	false
SSDEEP:	48:37TcgUFv95NwPpK+adjaoVaqzGfYdIO+bExaLM2uO+xVwvpoP:ftUFvdy8dXVaGNdIb1Lz8PwvpY
MD5:	A907E6E737788176B026FA71DFE8AFFE
SHA1:	6844236F638CEDCD652EB0A805476A1A13376CF5
SHA-256:	FC5E7621BA0E98C5C6728E3B2BDF802311C0A0953A05E60A7551CB0C7BED00A9
SHA-512:	3A17E66931A15B5C6553DAE241C5A7BB40240699F0608F92ED940CB203CBEA3031CB0FAC23F9C962F50D573F56DB27A3369F1A38ED1AEA0168D7E707803CA27A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............>U....'IDATx..].\...e.!.H..B/J."""R..R....E)"../..".H..3s......&.O....d.QJ.L......P.m.U..u.Q..$.....}.5..M.....{.y.!A...\|.\|...3{.-M....m..~~....0.a...0..`...0........C...!`...0.a...0..<.z......w.tt<X.f..f.O.f./.(QK&s.t.{..z+.T..J..r.....3.....<r..../..Z.}.`..^.gGF6....p%.y^.,.R.....dr.c6/....w_[^........#G.j.7x...?.N.l..k.}...0< a..'.M...XO&g.....to......B..q~.......{....:...^H*QT..m..x.'..K}}.eu.&a........a..{...o..8.".-`Yi.p..zs........l........X-..tt<..=N&...H....&^...eE^M.9...U..gd..D;....gw.xL{.E.1..}}.+Q..U.......x.rO....V.8.,.n.p{...+............m...V.8.\|~``.\.........[.......>s...r......v$.+ctq...B{.A....L...j..T..K...b.V.y.M.Z....7T..8...e-.>...u...&`)..\|...... .....2...d....=:.N.~.....g%..x..5...7..-.l.e.........Y.u..=..l-...s.&.......r.vx.....{..e....).<1S(.\{>j.....+5.....kO...\|"Q-.r.k.I..........]i..!...W..._...=7[.[uo....sk....t[..B.a....\...X......7..\.96...F..]..]...M{.6..!..lv...V..C..p5..q.f

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (792), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	12905
Entropy (8bit):	5.604783710276426
Encrypted:	false
SSDEEP:	192:ObzAsjLvFcKDDv6w6+w4khVsZGqLG5opVQLn333G2WkhVsw:OjLCa6w6OkhVs1q5opVQFWkhVsw
MD5:	EE7E325973D4F9F0596CF0DC842BB0C3
SHA1:	861F2FD1E81BE43C30A96EBA891C59ACE09DF7A9
SHA-256:	E8040DB3D6EDBF8AD840430AB7B824BF0585FA259C0F5617AECE18B7F92A16CC
SHA-512:	E9461C4A08982794A1FA580E9AD0111CD9108420190FA28FCB4EFE223955C9C18150A2D7BD6B67DB25D06CE0EDF992429593C0ED1B825FEB3429363A8DF9802B
Malicious:	false
Reputation:	low
URL:	https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact support@knowbe4.com." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>. <meta name="robots" content="noindex, nofollow" />.. <head>. <script src="/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js"></script>.. <link rel="stylesheet" href="/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css" media="all" />. <link rel="stylesheet" href="/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css" media="all" />.. <script>.//<![CDATA[.. $(document).ready(function() {.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	2368
Entropy (8bit):	7.857782123483033
Encrypted:	false
SSDEEP:	48:eN+jd/MwX0F4lR7ZlqMmlNl08Q0+mNUjxulVE2Uh9wg0n:Njd/M62KJZVmlDJQ0+mGxykh9wg0
MD5:	402214A564EAB22101571DF8C6E30B79
SHA1:	D5E452981A5C325383F92BFB964BA28ECEA6FFA6
SHA-256:	8D63A7ED00572C8B418FF91F5B2E5CD667AA7226CE280E48FC8FE9D58A4D98AC
SHA-512:	D7FD2C24B182ACEA57713FB9EFD19371802B1AE748F7B01FA82D822A86F70267D94C5105FB6BD1967BCDBC1FC43DE484F2B647DFD1EC729531BD4E89814CA42C
Malicious:	false
Reputation:	low
URL:	https://cdn2.hubspot.net/hubfs/241394/html_file/files/img/KB4-logo.png
Preview:	RIFF8...WEBPVP8L,.../.@...0..M._.w..1..WVaU.W,K..m..}.J.]...=..:].Dz.=....~......M.O.PneX(.......3.4..........;.f;..I2..L.....$[J....wA.a....,....@.$.].m.m.m..l.N.mcO..l.-....[t...5....-.%.....A.f ..D.`._@+.q.?.....8...(..-.^.i.,...]f..a...i....Tw.p..B....."...J'......O..J9..L.%P...{..H..JP.jP-.Cu...P{jFU..%.P[.%B....3....X.'PO.Y.....bE....P........?J.U...P!......O5.M..rT./LQ"JI..uCR...BR...S...-U.].YR...(..R..t4.....J...c..J1)\|....) ^.C....=`.bR..~+.h.5.T......".....GS.u..\|.._Dj..".D....,.7....<1.PU.t...X}.[8H1;T!+....H...R..I.\..f..V..P.S..+...m..s.659FlS.I....Ph.).....GhV.v+...&......l...K.^Q.)...7....5.<....a..%.t....<.(.....;2.n....K...9.J.B....Lf...T..!a..(....0H....E1......Qn.+.j.....v.R6.1G..?B......~.....&R....F...2.....}.(m.....).....]..I.....~.e.Z.T..U..C.OE.[......Zq..F.hc.W..,E.\|.Bu..SQ;..`.a.......\|..?..}..COX4.....!{'P..J.8:..U...\..S.{8U1......J.P.N*._...9L......#<...v..n...M...8..##.r..]\..e\|.....D.t.@...

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3168
Entropy (8bit):	7.704911325185365
Encrypted:	false
SSDEEP:	48:37TcgUFv95NwPpK+adjaoVaqzGfYdIO+bExaLM2uO+xVwvpoP:ftUFvdy8dXVaGNdIb1Lz8PwvpY
MD5:	A907E6E737788176B026FA71DFE8AFFE
SHA1:	6844236F638CEDCD652EB0A805476A1A13376CF5
SHA-256:	FC5E7621BA0E98C5C6728E3B2BDF802311C0A0953A05E60A7551CB0C7BED00A9
SHA-512:	3A17E66931A15B5C6553DAE241C5A7BB40240699F0608F92ED940CB203CBEA3031CB0FAC23F9C962F50D573F56DB27A3369F1A38ED1AEA0168D7E707803CA27A
Malicious:	false
Reputation:	low
URL:	https://secure.encryptedconnection.net/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png
Preview:	.PNG........IHDR.............>U....'IDATx..].\...e.!.H..B/J."""R..R....E)"../..".H..3s......&.O....d.QJ.L......P.m.U..u.Q..$.....}.5..M.....{.y.!A...\|.\|...3{.-M....m..~~....0.a...0..`...0........C...!`...0.a...0..<.z......w.tt<X.f..f.O.f./.(QK&s.t.{..z+.T..J..r.....3.....<r..../..Z.}.`..^.gGF6....p%.y^.,.R.....dr.c6/....w_[^........#G.j.7x...?.N.l..k.}...0< a..'.M...XO&g.....to......B..q~.......{....:...^H*QT..m..x.'..K}}.eu.&a........a..{...o..8.".-`Yi.p..zs........l........X-..tt<..=N&...H....&^...eE^M.9...U..gd..D;....gw.xL{.E.1..}}.+Q..U.......x.rO....V.8.,.n.p{...+............m...V.8.\|~``.\.........[.......>s...r......v$.+ctq...B{.A....L...j..T..K...b.V.y.M.Z....7T..8...e-.>...u...&`)..\|...... .....2...d....=:.N.~.....g%..x..5...7..-.l.e.........Y.u..=..l-...s.&.......r.vx.....{..e....).<1S(.\{>j.....+5.....kO...\|"Q-.r.k.I..........]i..!...W..._...=7[.[uo....sk....t[..B.a....\...X......7..\.96...F..]..]...M{.6..!..lv...V..C..p5..q.f

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 78 x 128, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3017
Entropy (8bit):	7.0872427587361075
Encrypted:	false
SSDEEP:	48:u5akZzWNKwsUN5VNtFNwCxdJNnPXrugomiJ/llDpbQHcbzJWOxRz5XOch95R3/S8:jkBWNbsUNnLbwCxdJNnPXruge1lZ5qcf
MD5:	4D49A54984F70D683CFD7B47E5983896
SHA1:	8AB9E2A631A51C6D0AF0DA13599E99AAE2E63544
SHA-256:	01A36B68B4C22545FDA334D8A73014D2B7ADE040E85A1A33B45072F7BA25AB97
SHA-512:	0477A2F4A81CF668E7A27C246F14D25BC5A0E001DA8F5A95AC3463EE78336722269D0A3FD1251B7B44A46366C1484FFD71AE3057AC9AD7016B0A754D899425E2
Malicious:	false
Reputation:	low
URL:	https://landing.adobe.com/dam/global/images/adobe-logo.red-tag.78x128.png
Preview:	.PNG........IHDR...N.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c012 1.149602, 2012/10/10-18:10:24 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:dam="http://www.day.com/dam/1.0". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:cq="http://www.day.com/jcr/cq/1.0". dc:format="image/png". dc:modified="2014-05-29T17:49:14.569Z". dam:Physicalwidthininches="-1.0". dam:sha1="1788692806f7a15a81f2043f6dbcadf1c536ca04". dam:extracted="2014-05-29T17:38:39.786Z". dam:MIMEtype="image/png". dam:Numberoftextualcomments="0". dam:Numberofimages="1". dam:Progressive="no". dam:Fileformat="PNG". dam:Bitsperpixel="8". dam:Physicalheightininches="-1.0". dam:Physicalwidthindpi="-1". dam:Physicalheightindpi="-1". tiff:ImageLength="128".

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	low
URL:	https://secure.encryptedconnection.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 38, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3014
Entropy (8bit):	7.902919939139106
Encrypted:	false
SSDEEP:	48:vnJJCJaqcfDoxU8qAg6opvwr+FYc1lWO1pPGDfMexqwFYRFlIe9BhGtAHIWVRs:vnJJ8CESXp66vwPuGDfMexqwALvhTFTs
MD5:	E154B58FD2CD3F1F2E2C6C810BB1E65B
SHA1:	CAEF301E8550A910909ECE9471669DA0C32EA6F0
SHA-256:	E8C5A2C9860C1A6CC7C949B9D7C793E5E435D75996DEBEB295A959F3D09831C0
SHA-512:	464EC940E824EAB8B7F83EB40852DD3019E84BE7B1A0F75AF288656605426B2EE386FA7FF102E0144AA065F053E88E8356E7C185B4DC393CC4D8EB0ADC877312
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......&........l....IDATx...{h.U..q...Ms"e.ej,..M.,](&..B...)G.F...2.22oY......L.%...iF......L.e.dsn.Oo.@..?...........y...s...=...D-jQ.D..&C1..Mr_9.n...p.8.W...x....8d..Nl.b..=h...b<.`...W .GI...S.Q....l..b ....G.F2.+ ...C..u...2j.?Z.).....!-...d)2]..d.;p.,.t@>F>.3}9....... ......v@.>4.= ..B.5H..e.....5i.?NP....<.Y.LWx.a.>8..?.M.$S> .C...r...:.,...OLWx.a.v8.....c.....Z../...M........m.,..Rl..1.X.Y........j@.@.%.2l....YJR..?.....5 ..G.d.BF./.L\........,J..~...0]...,...q.7x....h}.m..#...."<...0q....8.9.`...e...EV...m..p.M}H.y...H..l.~...x..0...<.....d..Xh.1.~.Y.M`.].Q....:...8.....M1.'..~.h...g{..OD..f.Hc.g.(..)....,.y.w.\.....HO" /A.\..Z@...$...].,.<.G..WavB...q....\...H..<.t=d...-VWTC.I........jv...!....N@..0..M...."._B....%X.R.q.....W.'WAL..'m].+.j.pF.8,...V.Jc..@....E...\|L...=.[..2&^......y....X..1..(.F..,..f.5..dT...b>..q>.;..d....:.O..)N. ..\.......s..R...UcD..d;ct.,+<.c;.W...!K.$..... .g.../.,5.T..g7l.,...p. .8.]...C_4...?

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (436)
Category:	downloaded
Size (bytes):	490
Entropy (8bit):	5.809284577104423
Encrypted:	false
SSDEEP:	12:3R+xnunlA+qlquAwvLRhhloaIEVKIQPVZ4AEdeIQL:3EulIdRhz1IEVKTVZNEkj
MD5:	09E381BA4858725A6DF7AD1713D82E16
SHA1:	312DB2AAC4E6D2CB966D6188D16A1D4D5819FAF3
SHA-256:	2C3FDD9C01A839C9DA114E2F68D483D9C883540B4579D5BB12E117B93A2C14B5
SHA-512:	D799491CB49350580D355B79540FDC8A4DA951EA2A524A228543D57EE259883226561FA888F38C961CF7E1296A915CE5827C046A332C0CE98051CDA5822CE55A
Malicious:	false
Reputation:	low
URL:	https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680
Preview:	<html>. <head>. <script>window.location.href = 'https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==';</script>. </head>. <body>. </body>.</html>.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2024 15:09:09.940749884 CET	49673	443	192.168.2.8	23.206.229.226
Nov 20, 2024 15:09:10.190778017 CET	49672	443	192.168.2.8	23.206.229.226
Nov 20, 2024 15:09:15.503190041 CET	49676	443	192.168.2.8	52.182.143.211
Nov 20, 2024 15:09:18.300040007 CET	49677	80	192.168.2.8	192.229.211.108
Nov 20, 2024 15:09:19.698432922 CET	49673	443	192.168.2.8	23.206.229.226
Nov 20, 2024 15:09:19.792188883 CET	49672	443	192.168.2.8	23.206.229.226
Nov 20, 2024 15:09:21.313530922 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:21.313581944 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:21.313642979 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:21.314759016 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:21.314810038 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:21.314874887 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:21.318150997 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:21.318171024 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:21.318541050 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:21.318557024 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:22.257630110 CET	443	49703	23.206.229.226	192.168.2.8
Nov 20, 2024 15:09:22.257735014 CET	49703	443	192.168.2.8	23.206.229.226
Nov 20, 2024 15:09:23.240253925 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:23.240299940 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:23.240360975 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:23.240731001 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:23.240742922 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:23.365607977 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.365953922 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.365974903 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.367846012 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.367970943 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.367983103 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.368102074 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.381912947 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.382024050 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.382190943 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.382200003 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.436966896 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.469562054 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.469873905 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.469892979 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.470963955 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.471064091 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.471074104 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.471131086 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.471630096 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.471693993 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.513072014 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:23.513086081 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:23.558960915 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.044955969 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:24.045042038 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:24.045159101 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.052927971 CET	49711	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.052948952 CET	443	49711	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:24.165585041 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:24.165647030 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:24.165735960 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:24.205452919 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:24.205477953 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:24.980561018 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.980614901 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:24.980675936 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.981381893 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.981426954 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:24.981875896 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.982065916 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.982081890 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:24.982531071 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:24.982544899 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:25.137583971 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:25.137859106 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:25.137873888 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:25.138937950 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:25.138995886 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:25.140763044 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:25.140825987 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:25.184508085 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:25.184529066 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:25.231705904 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:26.048362017 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.048438072 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.052354097 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.052366972 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.052613020 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.092120886 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.100613117 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.147339106 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.608606100 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.608664036 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.608791113 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.608958006 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.608975887 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.608990908 CET	49714	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.608998060 CET	443	49714	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.660301924 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.660346985 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:26.660510063 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.660851955 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:26.660867929 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:27.278934002 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.279175043 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.279198885 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.280204058 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.280266047 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.284847975 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.284909964 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.285013914 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.326040983 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.326366901 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.326380968 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.327353001 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.327445030 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.327519894 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.327872038 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.327929974 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.338581085 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.338608980 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.369643927 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.369653940 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:27.385754108 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:27.416687012 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:28.129458904 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:28.129551888 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:28.130795956 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:28.130805969 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:28.131033897 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:28.132272005 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:28.179327965 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:28.700788975 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:28.700856924 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:28.702409029 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:28.702537060 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:28.702559948 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:28.702569962 CET	49717	443	192.168.2.8	23.218.208.109
Nov 20, 2024 15:09:28.702575922 CET	443	49717	23.218.208.109	192.168.2.8
Nov 20, 2024 15:09:29.601706028 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.601733923 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.601742029 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.601768970 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.601782084 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.601800919 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.601833105 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.601872921 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.602876902 CET	49715	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.602885962 CET	443	49715	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.627753973 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.628278971 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.628304005 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.628380060 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.628643990 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.628654957 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.629091024 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.629134893 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.629220963 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.629399061 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:29.629405975 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:29.671331882 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:30.107640982 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:30.107692003 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:30.107774019 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:30.111299038 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:30.111309052 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:30.180247068 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:30.180274010 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:30.180356979 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:30.180372000 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:30.180427074 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:30.182370901 CET	49716	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:30.182388067 CET	443	49716	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:30.499690056 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:30.499744892 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:30.499819994 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:30.500500917 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:30.500524998 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:31.109663010 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.109976053 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:31.109987974 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.110089064 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.110383987 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:31.110400915 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.110688925 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.110707045 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.111059904 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:31.111116886 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.111766100 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:31.111851931 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.111996889 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:31.112009048 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:31.155332088 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.159332037 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:31.776246071 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:31.776870012 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:31.776884079 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:31.778558016 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:31.778630972 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:31.778641939 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:31.778680086 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:31.779973984 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:31.780057907 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:31.780210972 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:31.780222893 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:31.822834015 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:32.086586952 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.086623907 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.086694002 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.086699009 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.086858034 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.090095997 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.090121031 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.090142965 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.090209961 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.090221882 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.090265036 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.092312098 CET	49719	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.092331886 CET	443	49719	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.097012043 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:32.097100973 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:32.101933956 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:32.101943016 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:32.102258921 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:32.154903889 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:32.209408998 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.209440947 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.209480047 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.209489107 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.209527016 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.209538937 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.209542990 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.256953001 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.256984949 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.257067919 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.257069111 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.257081032 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.307308912 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.341861963 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.341876984 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.341916084 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.341950893 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.341970921 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.342000961 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.342021942 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.342035055 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.374224901 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.374254942 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.374337912 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.374346972 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.374356031 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.374560118 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.426135063 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.426209927 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.426224947 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.426244020 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.426314116 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.467175961 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.467246056 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.467273951 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.467283964 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.467334986 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.467334986 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.480973959 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:32.481045961 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:32.481097937 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:32.481146097 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:32.481156111 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:32.481173038 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:32.481211901 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:32.485023022 CET	49721	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:32.485037088 CET	443	49721	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:32.489986897 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.490031958 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.490092039 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.490102053 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.490149975 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.490149975 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.512347937 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.512392998 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.512429953 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.512437105 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.512502909 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.532516956 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.532546043 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.532593012 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.532603025 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.532656908 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.532656908 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.548109055 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.548151970 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.548224926 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.548234940 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.548280954 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.548280954 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.562469006 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.562489033 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.562593937 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.562609911 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.562674046 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.579540968 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.579561949 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.579648972 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.579660892 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.579745054 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.594775915 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.594794035 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.594883919 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.594892979 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.594934940 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.607458115 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.607475996 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.607518911 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.607526064 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.607599974 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.621217012 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.621239901 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.621310949 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.621318102 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.621350050 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.621429920 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.629272938 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:32.629304886 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:32.629486084 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:32.629719019 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:32.629739046 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:32.632389069 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.632406950 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.632461071 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.632472038 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.632581949 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.645026922 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.645097971 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.645134926 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.645155907 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.645200014 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.645200014 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.655695915 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.655714989 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.655756950 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.655767918 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.655806065 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.655806065 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.666718006 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.666745901 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.666810036 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.666821003 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.666841984 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.666997910 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.744342089 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.744393110 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.744445086 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.744457960 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.744507074 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.744507074 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.750293970 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.750338078 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.750361919 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.750391006 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.750421047 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.750499010 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.758053064 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.758076906 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.758120060 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.758140087 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.758215904 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.758215904 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.760288954 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.760379076 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.760380030 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.760469913 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.760682106 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.760700941 CET	443	49718	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.760737896 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.760761976 CET	49718	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.863348007 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.863398075 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.863477945 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.863781929 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:32.863801956 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:32.912218094 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:32.912246943 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:32.912348986 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:32.912573099 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:32.912585974 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:33.551246881 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:33.595325947 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:33.941287041 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:33.941672087 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:33.941688061 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:33.945266008 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:33.945416927 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:33.945424080 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:33.945472956 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:33.945796967 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:33.945856094 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:33.945887089 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:33.987334013 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:33.995296001 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:33.995305061 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:34.042707920 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:34.106575012 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.106596947 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.106604099 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.106641054 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.106659889 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.106664896 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:34.106667042 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.106678009 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.106718063 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:34.106770039 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:34.127753019 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.127826929 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:34.127835035 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.127856016 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:34.127933025 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:34.240744114 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.241210938 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.241257906 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.241641045 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.242048979 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.242129087 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.242325068 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.287328005 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.503894091 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:34.504096031 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:34.504170895 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:34.504184008 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:34.504286051 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:34.504362106 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:34.504367113 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:34.504427910 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:34.504504919 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:34.505609989 CET	49725	443	192.168.2.8	104.18.87.62
Nov 20, 2024 15:09:34.505620956 CET	443	49725	104.18.87.62	192.168.2.8
Nov 20, 2024 15:09:34.715890884 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:34.715960026 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:34.716018915 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:34.779980898 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.780046940 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.780126095 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.780179977 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.780239105 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.780251980 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.780320883 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.786724091 CET	49726	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.786755085 CET	443	49726	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.806711912 CET	49713	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:09:34.806756020 CET	443	49713	142.250.181.68	192.168.2.8
Nov 20, 2024 15:09:34.808361053 CET	49730	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.808407068 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.808571100 CET	49730	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.808876038 CET	49730	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:34.808891058 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:34.903036118 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:34.934644938 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:34.934658051 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:34.935899019 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:34.935985088 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:34.936729908 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:34.936808109 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:34.936876059 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:34.979535103 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:34.979551077 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.027532101 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.145047903 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.145098925 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.145198107 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.145411015 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.145426035 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.399957895 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:35.399980068 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:35.400001049 CET	49720	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:09:35.400006056 CET	443	49720	20.109.210.53	192.168.2.8
Nov 20, 2024 15:09:35.431529999 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.431559086 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.431571960 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.431592941 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.431602955 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.431612968 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.431617022 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.431638002 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.431642056 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.431652069 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.431677103 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.431677103 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.479686975 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.561507940 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.561520100 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.561553955 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.561594963 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.561623096 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.561671972 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.618052006 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.618066072 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.618098021 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.618139029 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.618149996 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.618165970 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.618192911 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.618220091 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.753209114 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.753245115 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.753304958 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.753320932 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.753349066 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.753367901 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.779014111 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.779042006 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.779088974 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.779103041 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.779133081 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.779148102 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.807995081 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.808022022 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.808077097 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.808084965 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.808134079 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.828603029 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.828629971 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.828670025 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.828691959 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.828725100 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.828741074 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.944760084 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.944796085 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.944842100 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.944859028 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.944895029 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.944915056 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.965322018 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.965346098 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.965388060 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.965396881 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.965436935 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.983676910 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.983707905 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.983740091 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.983747005 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:35.983774900 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:35.983793020 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.001101971 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.001136065 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.001173973 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.001189947 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.001213074 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.001241922 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.019387960 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.019414902 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.019459009 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.019465923 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.019509077 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.019531965 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.034533024 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.034554005 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.034600973 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.034609079 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.034641027 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.034661055 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.052690983 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.052711964 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.052756071 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.052763939 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.052797079 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.052814007 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.135915041 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.135946035 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.135991096 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.136003971 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.136039972 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.136056900 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.150850058 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.150871992 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.150913954 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.150921106 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.150959015 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.162559986 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.162584066 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.162623882 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.162633896 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.162661076 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.162689924 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.175271034 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.175299883 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.175334930 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.175343990 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.175379992 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.175391912 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.186717033 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.186738968 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.186784983 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.186794043 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.186820984 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.186841011 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.196978092 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.196999073 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.197103024 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.197110891 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.197123051 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.197410107 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.203613043 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.203634024 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.203687906 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.203695059 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.203735113 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.209327936 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.209350109 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.209398985 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.209408045 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.209429979 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.209458113 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.304811954 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:36.305113077 CET	49730	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:36.305141926 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:36.305510044 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:36.305824041 CET	49730	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:36.305886030 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:36.305970907 CET	49730	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:36.327578068 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.327605963 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.327653885 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.327681065 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.327699900 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.327764988 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.331269026 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.331335068 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.331340075 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.331381083 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.331384897 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.331423998 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.331609964 CET	49727	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.331623077 CET	443	49727	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.351341963 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:36.575401068 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.575892925 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.575967073 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.576364994 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.576709986 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.576788902 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.576884031 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.623331070 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.850002050 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:36.850903034 CET	49730	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:36.850991011 CET	443	49730	52.209.169.238	192.168.2.8
Nov 20, 2024 15:09:36.851052999 CET	49730	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:09:36.853964090 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.854006052 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:36.854290962 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.854290962 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:36.854319096 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:37.108935118 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:37.108962059 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:37.109042883 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:37.109069109 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:37.109118938 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:37.109915972 CET	49731	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:37.109935999 CET	443	49731	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:38.257127047 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:38.257754087 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:38.257771015 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:38.258263111 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:38.258985996 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:38.259145975 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:38.262537003 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:38.307806015 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:38.808511019 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:38.808579922 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:38.808635950 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:38.809278011 CET	49732	443	192.168.2.8	54.194.166.37
Nov 20, 2024 15:09:38.809293032 CET	443	49732	54.194.166.37	192.168.2.8
Nov 20, 2024 15:09:47.601491928 CET	49733	80	192.168.2.8	18.165.220.3
Nov 20, 2024 15:09:47.722141027 CET	80	49733	18.165.220.3	192.168.2.8
Nov 20, 2024 15:09:47.722316980 CET	49733	80	192.168.2.8	18.165.220.3
Nov 20, 2024 15:10:08.526539087 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:10:08.526566029 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:10:11.845942020 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:11.845977068 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:11.846048117 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:11.846513033 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:11.846524000 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:13.517767906 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:13.517875910 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:13.520894051 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:13.520905972 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:13.521169901 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:13.526458979 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:13.571332932 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.185007095 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.185039997 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.185055971 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.185091972 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:14.185101986 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.185132027 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:14.185153961 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:14.222426891 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.222492933 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.222567081 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:14.222594976 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.222609043 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:14.222609997 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.222661018 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:14.222835064 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:14.222852945 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:14.222863913 CET	49735	443	192.168.2.8	20.109.210.53
Nov 20, 2024 15:10:14.222870111 CET	443	49735	20.109.210.53	192.168.2.8
Nov 20, 2024 15:10:17.605840921 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:10:17.605930090 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:10:17.606010914 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:10:18.979055882 CET	80	49733	18.165.220.3	192.168.2.8
Nov 20, 2024 15:10:18.979295969 CET	49733	80	192.168.2.8	18.165.220.3
Nov 20, 2024 15:10:19.168582916 CET	49733	80	192.168.2.8	18.165.220.3
Nov 20, 2024 15:10:19.168617964 CET	49710	443	192.168.2.8	52.209.169.238
Nov 20, 2024 15:10:19.168643951 CET	443	49710	52.209.169.238	192.168.2.8
Nov 20, 2024 15:10:19.291603088 CET	80	49733	18.165.220.3	192.168.2.8
Nov 20, 2024 15:10:23.152591944 CET	49737	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:10:23.152647972 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:23.152739048 CET	49737	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:10:23.152951956 CET	49737	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:10:23.152965069 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:24.955414057 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:24.955965996 CET	49737	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:10:24.955996037 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:24.956454039 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:24.956774950 CET	49737	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:10:24.956847906 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:25.010591984 CET	49737	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:10:31.847897053 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:31.847943068 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:31.848002911 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:31.848467112 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:31.848479986 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:33.576103926 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:33.576265097 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:33.578068018 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:33.578090906 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:33.578522921 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:33.586554050 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:33.631335974 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.341999054 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.342036963 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.342056990 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.342087030 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.342108011 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.342137098 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.342144966 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.537686110 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.537728071 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.537837982 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.537869930 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.537910938 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.582973003 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.583009958 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.583105087 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.583132982 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.583174944 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.626060009 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:34.626149893 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:34.626235008 CET	49737	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:10:34.703668118 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.703732014 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.703892946 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.703927040 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.703973055 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.744213104 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.744275093 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.744395018 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.744427919 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.744477034 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.768333912 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.768361092 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.768440962 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.768450022 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.768490076 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.888219118 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.888256073 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.888294935 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.888312101 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.888340950 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.888359070 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.907510042 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.907550097 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.907587051 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.907601118 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.907628059 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.907648087 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.925472975 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.925501108 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.925553083 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.925565004 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.925591946 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.925609112 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.941231966 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.941265106 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.941303015 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.941323996 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.941338062 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.941358089 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.959639072 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.959678888 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.959772110 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.959806919 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.959851027 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.979228020 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.979264021 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.979342937 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:34.979353905 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:34.979443073 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.085599899 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.085632086 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.085700989 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.085727930 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.085769892 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.096452951 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.096519947 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.096541882 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.096559048 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.096582890 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.096618891 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.096708059 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.096733093 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.096745968 CET	49738	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.096752882 CET	443	49738	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.154932022 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.154989004 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.155055046 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.156155109 CET	49741	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.156197071 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.156275034 CET	49741	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.156446934 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.156462908 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.156502008 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.156645060 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.156660080 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.157344103 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.157363892 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.157413006 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.157485008 CET	49741	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.157495022 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.157572985 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.157581091 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.158376932 CET	49744	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.158411980 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.158478022 CET	49744	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.158581972 CET	49744	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.158593893 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.158643007 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:35.158659935 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:35.168653965 CET	49737	443	192.168.2.8	142.250.181.68
Nov 20, 2024 15:10:35.168709993 CET	443	49737	142.250.181.68	192.168.2.8
Nov 20, 2024 15:10:36.892472029 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:36.892949104 CET	49741	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:36.892976999 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:36.893435955 CET	49741	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:36.893440962 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:36.946141958 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:36.946650982 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:36.946671009 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:36.947098970 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:36.947104931 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:36.999527931 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.000087976 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.000111103 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.000560045 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.000565052 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.006978035 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.007292986 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.007397890 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.007430077 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.007627964 CET	49744	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.007659912 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.007812023 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.007819891 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.008109093 CET	49744	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.008115053 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.331513882 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.331617117 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.331800938 CET	49741	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.331835032 CET	49741	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.331852913 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.331866980 CET	49741	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.331872940 CET	443	49741	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.334506989 CET	49746	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.334544897 CET	443	49746	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.334707975 CET	49746	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.334855080 CET	49746	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.334867001 CET	443	49746	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.399506092 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.399539948 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.399765968 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.399789095 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.399867058 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.399882078 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.399892092 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.400039911 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.400075912 CET	443	49742	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.402524948 CET	49742	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.403223991 CET	49747	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.403270006 CET	443	49747	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.403336048 CET	49747	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.403603077 CET	49747	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.403614998 CET	443	49747	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.462116003 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.462137938 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.462197065 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.462215900 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.462256908 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.462445974 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.462450027 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.462464094 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.462584972 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.462611914 CET	443	49743	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.462666988 CET	49743	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.464976072 CET	49748	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.465003014 CET	443	49748	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.465150118 CET	49748	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.465307951 CET	49748	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.465315104 CET	443	49748	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.467710018 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.467739105 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.467797995 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.467811108 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.467911005 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.467995882 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.468000889 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.468017101 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.468173027 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.468214035 CET	443	49740	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.468447924 CET	49740	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.470062971 CET	49749	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.470094919 CET	443	49749	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.470145941 CET	49749	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.470186949 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.470243931 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.470273018 CET	49749	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.470283031 CET	443	49749	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.470305920 CET	49744	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.470406055 CET	49744	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.470423937 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.470448971 CET	49744	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.470455885 CET	443	49744	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.472223997 CET	49750	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.472239017 CET	443	49750	13.107.246.63	192.168.2.8
Nov 20, 2024 15:10:37.472297907 CET	49750	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.472527027 CET	49750	443	192.168.2.8	13.107.246.63
Nov 20, 2024 15:10:37.472536087 CET	443	49750	13.107.246.63	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2024 15:09:19.101038933 CET	53	57552	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:19.101747036 CET	53	56337	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:20.312230110 CET	52625	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:20.312732935 CET	62257	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:21.304877996 CET	53	52625	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:21.305797100 CET	53	62257	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:21.880557060 CET	53	55158	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:23.090673923 CET	64875	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:23.090847015 CET	55821	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:23.233899117 CET	53	64875	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:23.234005928 CET	53	55821	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:24.087651014 CET	54994	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:24.087872028 CET	49682	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:24.978313923 CET	53	49682	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:24.979387045 CET	53	54994	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:30.185393095 CET	51949	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:30.185563087 CET	55342	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:30.325437069 CET	53	51949	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:30.329128981 CET	53	55342	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:32.489928961 CET	52809	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:32.490089893 CET	59378	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:32.627846956 CET	53	52809	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:32.628739119 CET	53	59378	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:32.768848896 CET	49692	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:32.769021988 CET	59725	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:32.907267094 CET	53	59725	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:32.911719084 CET	53	49692	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:39.086715937 CET	53	63247	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:47.088265896 CET	61737	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:47.088437080 CET	59504	53	192.168.2.8	1.1.1.1
Nov 20, 2024 15:09:47.560020924 CET	53	59504	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:47.600298882 CET	53	61737	1.1.1.1	192.168.2.8
Nov 20, 2024 15:09:56.298223019 CET	138	138	192.168.2.8	192.168.2.255
Nov 20, 2024 15:09:58.009835005 CET	53	60492	1.1.1.1	192.168.2.8
Nov 20, 2024 15:10:18.650238991 CET	53	60858	1.1.1.1	192.168.2.8
Nov 20, 2024 15:10:20.852255106 CET	53	51141	1.1.1.1	192.168.2.8

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 20, 2024 15:09:30.611979961 CET	192.168.2.8	1.1.1.1	c277	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 20, 2024 15:09:20.312230110 CET	192.168.2.8	1.1.1.1	0x279a	Standard query (0)	covid19.auth-verify.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:20.312732935 CET	192.168.2.8	1.1.1.1	0xbf30	Standard query (0)	covid19.auth-verify.com	65	IN (0x0001)	false
Nov 20, 2024 15:09:23.090673923 CET	192.168.2.8	1.1.1.1	0xeb1e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:23.090847015 CET	192.168.2.8	1.1.1.1	0x8606	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 20, 2024 15:09:24.087651014 CET	192.168.2.8	1.1.1.1	0xc851	Standard query (0)	secure.encryptedconnection.net	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:24.087872028 CET	192.168.2.8	1.1.1.1	0xa98	Standard query (0)	secure.encryptedconnection.net	65	IN (0x0001)	false
Nov 20, 2024 15:09:30.185393095 CET	192.168.2.8	1.1.1.1	0x913c	Standard query (0)	cdn2.hubspot.net	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:30.185563087 CET	192.168.2.8	1.1.1.1	0x62aa	Standard query (0)	cdn2.hubspot.net	65	IN (0x0001)	false
Nov 20, 2024 15:09:32.489928961 CET	192.168.2.8	1.1.1.1	0x4d25	Standard query (0)	cdn2.hubspot.net	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:32.490089893 CET	192.168.2.8	1.1.1.1	0x5ef0	Standard query (0)	cdn2.hubspot.net	65	IN (0x0001)	false
Nov 20, 2024 15:09:32.768848896 CET	192.168.2.8	1.1.1.1	0xc7e3	Standard query (0)	secure.encryptedconnection.net	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:32.769021988 CET	192.168.2.8	1.1.1.1	0xc09e	Standard query (0)	secure.encryptedconnection.net	65	IN (0x0001)	false
Nov 20, 2024 15:09:47.088265896 CET	192.168.2.8	1.1.1.1	0x3366	Standard query (0)	preview.eu.knowbe4.com	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:47.088437080 CET	192.168.2.8	1.1.1.1	0x93c7	Standard query (0)	preview.eu.knowbe4.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 20, 2024 15:09:21.304877996 CET	1.1.1.1	192.168.2.8	0x279a	No error (0)	covid19.auth-verify.com	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 20, 2024 15:09:21.304877996 CET	1.1.1.1	192.168.2.8	0x279a	No error (0)	landing.eu.knowbe4.com		52.209.169.238	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:21.304877996 CET	1.1.1.1	192.168.2.8	0x279a	No error (0)	landing.eu.knowbe4.com		54.194.166.37	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:21.305797100 CET	1.1.1.1	192.168.2.8	0xbf30	No error (0)	covid19.auth-verify.com	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 20, 2024 15:09:23.233899117 CET	1.1.1.1	192.168.2.8	0xeb1e	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:23.234005928 CET	1.1.1.1	192.168.2.8	0x8606	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 20, 2024 15:09:24.978313923 CET	1.1.1.1	192.168.2.8	0xa98	No error (0)	secure.encryptedconnection.net	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 20, 2024 15:09:24.979387045 CET	1.1.1.1	192.168.2.8	0xc851	No error (0)	secure.encryptedconnection.net	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 20, 2024 15:09:24.979387045 CET	1.1.1.1	192.168.2.8	0xc851	No error (0)	landing.eu.knowbe4.com		52.209.169.238	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:24.979387045 CET	1.1.1.1	192.168.2.8	0xc851	No error (0)	landing.eu.knowbe4.com		54.194.166.37	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:30.325437069 CET	1.1.1.1	192.168.2.8	0x913c	No error (0)	cdn2.hubspot.net		104.18.87.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:30.325437069 CET	1.1.1.1	192.168.2.8	0x913c	No error (0)	cdn2.hubspot.net		104.18.88.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:30.325437069 CET	1.1.1.1	192.168.2.8	0x913c	No error (0)	cdn2.hubspot.net		104.18.89.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:30.325437069 CET	1.1.1.1	192.168.2.8	0x913c	No error (0)	cdn2.hubspot.net		104.18.90.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:30.325437069 CET	1.1.1.1	192.168.2.8	0x913c	No error (0)	cdn2.hubspot.net		104.18.91.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:30.329128981 CET	1.1.1.1	192.168.2.8	0x62aa	No error (0)	cdn2.hubspot.net			65	IN (0x0001)	false
Nov 20, 2024 15:09:32.627846956 CET	1.1.1.1	192.168.2.8	0x4d25	No error (0)	cdn2.hubspot.net		104.18.87.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:32.627846956 CET	1.1.1.1	192.168.2.8	0x4d25	No error (0)	cdn2.hubspot.net		104.18.90.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:32.627846956 CET	1.1.1.1	192.168.2.8	0x4d25	No error (0)	cdn2.hubspot.net		104.18.89.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:32.627846956 CET	1.1.1.1	192.168.2.8	0x4d25	No error (0)	cdn2.hubspot.net		104.18.91.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:32.627846956 CET	1.1.1.1	192.168.2.8	0x4d25	No error (0)	cdn2.hubspot.net		104.18.88.62	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:32.628739119 CET	1.1.1.1	192.168.2.8	0x5ef0	No error (0)	cdn2.hubspot.net			65	IN (0x0001)	false
Nov 20, 2024 15:09:32.907267094 CET	1.1.1.1	192.168.2.8	0xc09e	No error (0)	secure.encryptedconnection.net	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 20, 2024 15:09:32.911719084 CET	1.1.1.1	192.168.2.8	0xc7e3	No error (0)	secure.encryptedconnection.net	landing.eu.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 20, 2024 15:09:32.911719084 CET	1.1.1.1	192.168.2.8	0xc7e3	No error (0)	landing.eu.knowbe4.com		54.194.166.37	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:32.911719084 CET	1.1.1.1	192.168.2.8	0xc7e3	No error (0)	landing.eu.knowbe4.com		52.209.169.238	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:47.600298882 CET	1.1.1.1	192.168.2.8	0x3366	No error (0)	preview.eu.knowbe4.com		18.165.220.3	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:47.600298882 CET	1.1.1.1	192.168.2.8	0x3366	No error (0)	preview.eu.knowbe4.com		18.165.220.84	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:47.600298882 CET	1.1.1.1	192.168.2.8	0x3366	No error (0)	preview.eu.knowbe4.com		18.165.220.113	A (IP address)	IN (0x0001)	false
Nov 20, 2024 15:09:47.600298882 CET	1.1.1.1	192.168.2.8	0x3366	No error (0)	preview.eu.knowbe4.com		18.165.220.119	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

covid19.auth-verify.com

https:

secure.encryptedconnection.net

cdn2.hubspot.net

fs.microsoft.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49711	52.209.169.238	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:23 UTC	1009	OUT	GET /XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680 HTTP/1.1 Host: covid19.auth-verify.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:24 UTC	574	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:23 GMT Content-Type: text/html; charset=utf-8 Content-Length: 490 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade ETag: W/"2c3fdd9c01a839c9da114e2f68d483d9" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: ceca775b-2354-44aa-adb5-1e0be2bbd615 X-Runtime: 0.103780 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-20 14:09:24 UTC	490	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 73 65 63 75 72 65 2e 65 6e 63 72 79 70 74 65 64 63 6f 6e 6e 65 63 74 69 6f 6e 2e 6e 65 74 2f 70 61 67 65 73 2f 35 64 63 66 32 36 37 61 34 66 66 32 2f 58 55 58 49 72 4f 48 52 36 52 6a 68 51 4e 58 52 44 56 57 35 69 57 6d 46 59 4e 54 5a 61 5a 6c 42 30 5a 31 5a 6e 5a 48 42 7a 63 56 68 6c 54 57 31 71 64 55 30 34 5a 58 70 54 55 58 52 44 56 6d 4a 56 57 47 5a 7a 61 53 73 78 64 30 35 61 51 55 46 33 65 6d 4a 6d 65 46 5a 79 56 6b 68 4b 4e 33 52 50 4d 32 63 77 55 33 4e 44 4d 57 6b 72 4d 46 68 53 62 54 63 77 53 45 68 35 4e 30 39 6c 4e 32 35 36 51 6e 4a 6a 52 47 39 73 57 6b 6c 51 52 79 Data Ascii: <html> <head> <script>window.location.href = 'https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49714	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:26 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-20 14:09:26 UTC	465	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=9361 Date: Wed, 20 Nov 2024 14:09:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49715	52.209.169.238	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:27 UTC	1393	OUT	GET /pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ== HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:29 UTC	954	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:29 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12905 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush ETag: W/"e8040db3d6edbf8ad840430ab7b824bf" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: 6fecbc7e-1192-4cec-9d09-0771060dd5a4 X-Runtime: 1.738762 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-20 14:09:29 UTC	12905	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 49 4d 50 4f 52 54 41 4e 54 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 70 61 67 65 20 69 73 20 70 61 72 74 20 6f 66 20 61 20 73 69 6d 75 6c 61 74 65 64 20 70 68 69 73 68 69 6e 67 20 61 74 74 61 63 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <meta name="IMPORTANT" content="This page is part of a simulated phishing attac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49717	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:28 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-20 14:09:28 UTC	533	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=9363 Date: Wed, 20 Nov 2024 14:09:28 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-20 14:09:28 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49716	52.209.169.238	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:29 UTC	1000	OUT	GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:30 UTC	263	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:29 GMT Content-Type: text/css Content-Length: 1471 Connection: close Last-Modified: Tue, 19 Nov 2024 17:51:47 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-20 14:09:30 UTC	1471	IN	Data Raw: 2f 2a 20 6c 69 6e 65 20 31 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 74 65 72 6d 61 72 6b 2e 73 63 73 73 20 2a 2f 0a 2e 77 61 74 65 72 6d 61 72 6b 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 20 20 20 20 2d 6d 73 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 74 62 2d 72 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 74 65 78 74 2d 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 20 73 69 64 65 77 61 79 73 3b 0a 7d 0a 0a 2f 2a 20 6c 69 6e 65 20 34 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 Data Ascii: /* line 1, app/assets/stylesheets/landing-watermark.scss /.watermark { -webkit-writing-mode: vertical-rl; -ms-writing-mode: tb-rl; writing-mode: vertical-rl; text-orientation: sideways;}/ line 4, app/assets/stylesheets/landing-wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49719	52.209.169.238	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:31 UTC	993	OUT	GET /assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:32 UTC	263	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:31 GMT Content-Type: text/css Content-Length: 5934 Connection: close Last-Modified: Tue, 19 Nov 2024 17:51:47 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-20 14:09:32 UTC	5934	IN	Data Raw: 2f 2a 20 6c 69 6e 65 20 32 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 73 65 69 2d 73 74 79 6c 65 73 2e 73 63 73 73 20 2a 2f 0a 78 2d 73 65 69 2e 73 65 69 2d 66 6c 61 67 20 7b 0a 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 74 6f 6d 61 74 6f 3b 0a 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 33 70 78 3b 0a 7d 0a 0a 2f 2a 20 6c 69 6e 65 20 36 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 73 65 69 2d 73 74 79 6c 65 73 2e 73 63 73 73 20 2a 2f 0a 78 2d 73 65 69 2e 73 65 69 2d 66 6c 61 67 3a 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 27 20 27 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 62 61 63 6b 67 Data Ascii: /* line 2, app/assets/stylesheets/sei-styles.scss /x-sei.sei-flag { border-bottom: 2px solid tomato; padding-left: 3px;}/ line 6, app/assets/stylesheets/sei-styles.scss */x-sei.sei-flag::before { content: ' '; display: inline-block; backg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49718	52.209.169.238	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:31 UTC	979	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:32 UTC	279	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:31 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Tue, 19 Nov 2024 17:51:47 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-20 14:09:32 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-11-20 14:09:32 UTC	16384	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2024-11-20 14:09:32 UTC	56	IN	Data Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61 Data Ascii: (e,n)\|\|_.access(e,n,{empty:ce.Callbacks("once memory").a
2024-11-20 14:09:32 UTC	16384	IN	Data Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
2024-11-20 14:09:32 UTC	16384	IN	Data Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
2024-11-20 14:09:32 UTC	16384	IN	Data Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22 Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)\|\|wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
2024-11-20 14:09:32 UTC	16384	IN	Data Raw: 65 66 69 6c 74 65 72 28 22 6a 73 6f 6e 20 6a 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 5a 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 5a 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c Data Ascii: efilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a\|\|"jsonp"===e.dataTypes[0])return r=e.jsonpCal
2024-11-20 14:09:32 UTC	16384	IN	Data Raw: 74 65 72 22 2c 69 5b 31 5d 3d 6c 2e 74 65 73 74 28 69 5b 31 5d 29 3f 69 5b 31 5d 3a 22 63 65 6e 74 65 72 22 2c 74 3d 68 2e 65 78 65 63 28 69 5b 30 5d 29 2c 65 3d 68 2e 65 78 65 63 28 69 5b 31 5d 29 2c 77 5b 74 68 69 73 5d 3d 5b 74 3f 74 5b 30 5d 3a 30 2c 65 3f 65 5b 30 5d 3a 30 5d 2c 75 5b 74 68 69 73 5d 3d 5b 63 2e 65 78 65 63 28 69 5b 30 5d 29 5b 30 5d 2c 63 2e 65 78 65 63 28 69 5b 31 5d 29 5b 30 5d 5d 7d 29 2c 31 3d 3d 3d 79 2e 6c 65 6e 67 74 68 26 26 28 79 5b 31 5d 3d 79 5b 30 5d 29 2c 22 72 69 67 68 74 22 3d 3d 3d 75 2e 61 74 5b 30 5d 3f 6d 2e 6c 65 66 74 2b 3d 70 3a 22 63 65 6e 74 65 72 22 3d 3d 3d 75 2e 61 74 5b 30 5d 26 26 28 6d 2e 6c 65 66 74 2b 3d 70 2f 32 29 2c 22 62 6f 74 74 6f 6d 22 3d 3d 3d 75 2e 61 74 5b 31 5d 3f 6d 2e 74 6f 70 2b 3d 66 3a Data Ascii: ter",i[1]=l.test(i[1])?i[1]:"center",t=h.exec(i[0]),e=h.exec(i[1]),w[this]=[t?t[0]:0,e?e[0]:0],u[this]=[c.exec(i[0])[0],c.exec(i[1])[0]]}),1===y.length&&(y[1]=y[0]),"right"===u.at[0]?m.left+=p:"center"===u.at[0]&&(m.left+=p/2),"bottom"===u.at[1]?m.top+=f:
2024-11-20 14:09:32 UTC	16384	IN	Data Raw: 66 66 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 2c 65 3d 74 68 69 73 2e 64 6f 63 75 6d 65 6e 74 5b 30 5d 3b 72 65 74 75 72 6e 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 26 26 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 21 3d 3d 65 26 26 56 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 2c 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 5b 30 5d 29 26 26 28 74 2e 6c 65 66 74 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 2c 74 2e 74 6f 70 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 Data Ascii: ffset:function(){var t=this.offsetParent.offset(),e=this.document[0];return"absolute"===this.cssPosition&&this.scrollParent[0]!==e&&V.contains(this.scrollParent[0],this.offsetParent[0])&&(t.left+=this.scrollParent.scrollLeft(),t.top+=this.scrollParent.scr
2024-11-20 14:09:32 UTC	16384	IN	Data Raw: 74 2e 6f 66 66 73 65 74 28 29 2c 6e 5b 69 5d 2e 70 72 6f 70 6f 72 74 69 6f 6e 73 28 7b 77 69 64 74 68 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 68 65 69 67 68 74 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 29 29 7d 7d 2c 64 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 3d 21 31 3b 72 65 74 75 72 6e 20 56 2e 65 61 63 68 28 28 56 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 70 61 62 6c 65 73 5b 74 2e 6f 70 74 69 6f 6e 73 2e 73 63 6f 70 65 5d 7c 7c 5b 5d 29 2e 73 6c 69 63 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 26 26 28 21 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 69 73 61 62 6c 65 64 26 26 74 68 Data Ascii: t.offset(),n[i].proportions({width:n[i].element[0].offsetWidth,height:n[i].element[0].offsetHeight}))}},drop:function(t,e){var i=!1;return V.each((V.ui.ddmanager.droppables[t.options.scope]\|\|[]).slice(),function(){this.options&&(!this.options.disabled&&th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49721	104.18.87.62	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:31 UTC	983	OUT	GET /hubfs/241394/html_file/files/img/KB4-logo.png HTTP/1.1 Host: cdn2.hubspot.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:32 UTC	1331	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:32 GMT Content-Type: image/webp Content-Length: 2368 Connection: close CF-Ray: 8e5904b0bc920c74-EWR CF-Cache-Status: HIT Accept-Ranges: bytes Access-Control-Allow-Origin: * Age: 528473 Cache-Control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900 Content-Disposition: inline; filename="KB4-logo.webp" ETag: "ddf47be00ad3eebaabd63fec4c5733f2" Last-Modified: Fri, 29 Mar 2024 19:46:11 GMT Vary: Accept Via: 1.1 dd462bc6996e0000e9b2cde9e1f25e20.cloudfront.net (CloudFront) Access-Control-Allow-Methods: GET cache-tag: F-3711502880,FD-3711502755,P-241394,FLS-ALL Cf-Bgj: imgq:85,h2pri Cf-Polished: origFmt=png, origSize=3873 Edge-Cache-Tag: F-3711502880,FD-3711502755,P-241394,FLS-ALL Timing-Allow-Origin: cdn2.hubspot.net X-Amz-Cf-Id: QKqrrk-o8hm4YOAc5hd22S53yFm2LEefdoJC-8A90IP2gpZ2suQ3fg== X-Amz-Cf-Pop: BOS50-P1 x-amz-id-2: jJtNu4bygFgZzqCYwDHQJVMDWNLrbBdcG7C+9mPmBg6z1SbJnfrVy8hgqaOpvZ3rFjX7G28zb3o= x-amz-meta-access-tag: public-not-indexable x-amz-meta-cache-tag: F-3711502880,FD-3711502755,P-241394,FLS-ALL x-amz-meta-created-unix-time-millis: 1447343595191 x-amz-meta-index-tag: none x-amz-replication-status: COMPLETED x-amz-request-id: 5T65YXZ9JEV92BRD x-amz-server-side-encryption: AES256 x-amz-storage-class: INTELLIGENT_TIERING
2024-11-20 14:09:32 UTC	597	IN	Data Raw: 78 2d 61 6d 7a 2d 76 65 72 73 69 6f 6e 2d 69 64 3a 20 47 4f 75 41 4a 7a 41 31 2e 62 6f 31 76 6a 6f 74 5f 48 73 71 30 6f 77 45 59 39 38 58 6a 59 48 39 0d 0a 58 2d 43 61 63 68 65 3a 20 52 65 66 72 65 73 68 48 69 74 20 66 72 6f 6d 20 63 6c 6f 75 64 66 72 6f 6e 74 0d 0a 58 2d 48 53 2d 43 46 2d 4c 61 6d 62 64 61 3a 20 75 73 2d 65 61 73 74 2d 31 2e 45 6e 66 6f 72 63 65 41 63 6c 46 6f 72 52 65 61 64 73 20 33 0d 0a 58 2d 48 53 2d 43 46 2d 4c 61 6d 62 64 61 2d 45 6e 66 6f 72 63 65 3a 20 75 73 2d 65 61 73 74 2d 31 2e 45 6e 66 6f 72 63 65 41 63 6c 46 6f 72 52 65 61 64 73 20 33 0d 0a 58 2d 52 6f 62 6f 74 73 2d 54 61 67 3a 20 6e 6f 6e 65 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c Data Ascii: x-amz-version-id: GOuAJzA1.bo1vjot_Hsq0owEY98XjYH9X-Cache: RefreshHit from cloudfrontX-HS-CF-Lambda: us-east-1.EnforceAclForReads 3X-HS-CF-Lambda-Enforce: us-east-1.EnforceAclForReads 3X-Robots-Tag: noneReport-To: {"endpoints":[{"url":"https:\/\
2024-11-20 14:09:32 UTC	810	IN	Data Raw: 52 49 46 46 38 09 00 00 57 45 42 50 56 50 38 4c 2c 09 00 00 2f c7 40 09 10 e2 30 90 b6 4d e3 5f f8 77 07 11 31 01 e9 57 56 61 55 0f 57 2c 4b db b6 fe 6d 93 a3 7d bc 4a da 5d 8f 80 97 3d 83 ee 3a 5d f7 44 7a 0e 3d 80 9e 01 fd 7e bf ef f7 fd ff 1e 4d b7 4f c9 50 6e 65 58 28 0c e6 e0 bf 0c f2 84 99 93 7f 33 d6 34 cc cc cc cc 8c 8a 03 0a 93 1c 86 3b 8c 66 3b 9c 98 49 32 d3 df 4c 1a cf fc b3 89 24 5b 4a ff 1f df f9 77 41 91 61 00 1d e4 97 05 2c e1 04 11 d8 40 02 24 db a6 5d d9 b6 6d db b6 6d db b6 6d db b6 ed a4 6c db 4e be 6d 63 4f 00 d4 6c db 96 2d db fe b8 bb 5b 74 a9 ae dd 35 b9 bb d3 dc 2d b9 25 97 01 fe 01 d8 82 41 1c 66 20 f9 0a 44 16 60 02 5f 40 2b c7 71 b5 3f fd 03 e0 f5 e9 38 0c d0 7f 28 b6 b5 2d ab 5e dc 69 96 2c b9 0e c0 5d 66 a0 c9 61 0c d0 a0 d1 Data Ascii: RIFF8WEBPVP8L,/@0M_w1WVaUW,Km}J]=:]Dz=~MOPneX(34;f;I2L$[JwAa,@$]mmmlNmcOl-[t5-%Af D`_@+q?8(-^i,]fa
2024-11-20 14:09:32 UTC	1369	IN	Data Raw: 03 94 5d 88 8a 49 a8 c7 90 06 f5 1d 7e 1e 65 84 5a 04 54 a0 03 55 06 c0 43 aa 4f 45 be 5b bb f8 86 0b 01 f5 5a 71 06 a9 46 e8 a0 68 63 cd 57 df e0 2c 45 e5 7c aa 42 75 c1 8e 2a 53 51 3b b9 c9 60 e0 61 02 c5 f5 10 f0 8d 0b 7c ff 0b 3f fc c3 84 7d 0f df be 43 4f 58 34 c0 f6 e6 c0 95 21 7b 27 50 c2 01 4a 05 38 3a 86 e2 55 eb 80 9a ac 04 5c 00 b4 53 b1 7b 38 55 31 dd 00 a8 cb 11 01 4a 02 50 f1 4e 2a 8a 5f d5 fd a9 39 4c e1 1e 0e bd 95 b2 23 3c 03 83 8f 76 a6 e2 6e 07 bd f6 4d b9 e5 13 38 1e fb 23 23 df 72 8a fc 5d 5c 14 9c 65 7c ed e2 12 ba af 44 ce 74 89 40 01 b7 ad b4 d5 19 fc a3 92 a5 68 80 87 40 25 07 a8 3c 50 77 ce ea 38 25 f9 b6 d2 53 71 6a 19 60 d6 08 67 5f 7f 2d 5c bb 89 b3 2b aa 1a 50 69 59 95 db 41 3d 28 cc 94 c5 40 a7 a0 d2 c6 80 8a 76 0c e8 35 c0 Data Ascii: ]I~eZTUCOE[ZqFhcW,E\|BuSQ;`a\|?}COX4!{'PJ8:U\S{8U1JPN_9L#<vnM8##r]\e\|Dt@h@%<Pw8%Sqj`g_-\+PiYA=(@v5
2024-11-20 14:09:32 UTC	189	IN	Data Raw: da 47 16 9d b7 04 3e 1c 55 38 57 7e ff 61 98 fa d6 54 72 68 d7 83 80 83 1a 42 2a ea 05 f0 bf 9a 3c 79 a7 2b ff 8a 03 1b 17 b7 23 ef 93 c5 e7 ad 81 df 6d 54 38 bb d3 bc fa ac b5 4f 1b ef 9c 6f 01 c3 1c 7c 14 a0 fa 5d 08 b5 d3 34 d4 39 37 bf 75 c7 b0 ab ff 5a a0 07 4f 79 f7 bc 7c a5 41 e5 6a 65 bf d2 1e d4 a5 cb c4 3c 75 b5 17 cc 0e b1 f7 b8 b4 e3 84 05 0b 0e bd 73 d7 11 ce 3d a0 ed bd 6d 15 63 d8 f5 17 ec 5e 7b 7a d0 bf 94 d3 f1 aa fa 93 1e 6d d4 dd 67 87 b7 f9 db 95 6f 28 a3 8d 56 01 21 e6 d0 33 3b aa e1 3f 9f bc 41 9b 35 97 76 ec f9 b1 e3 de ab d5 5b 9b e3 00 Data Ascii: G>U8W~aTrhB*<y+#mT8Oo\|]497uZOy\|Aje<us=mc^{zmgo(V!3;?A5v[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49720	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:33 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Eav6yS1hyZwo3x2&MD=4vYWh4rf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-20 14:09:34 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 786ef079-00de-43dd-a9a0-8f51248054cd MS-RequestId: 60b2e0b1-6823-447b-b1fb-7013cb23c9f8 MS-CV: 99s87f8iH0ya5xuM.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 20 Nov 2024 14:09:33 GMT Connection: close Content-Length: 24490
2024-11-20 14:09:34 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-20 14:09:34 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49725	104.18.87.62	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:33 UTC	385	OUT	GET /hubfs/241394/html_file/files/img/KB4-logo.png HTTP/1.1 Host: cdn2.hubspot.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:34 UTC	1351	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:34 GMT Content-Type: image/png Content-Length: 3014 Connection: close CF-Ray: 8e5904bceb7f8c71-EWR CF-Cache-Status: HIT Accept-Ranges: bytes Access-Control-Allow-Origin: * Age: 522639 Cache-Control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900 ETag: "ddf47be00ad3eebaabd63fec4c5733f2" Last-Modified: Fri, 29 Mar 2024 19:46:11 GMT Vary: Accept Via: 1.1 dd462bc6996e0000e9b2cde9e1f25e20.cloudfront.net (CloudFront) Access-Control-Allow-Methods: GET cache-tag: F-3711502880,FD-3711502755,P-241394,FLS-ALL Cf-Bgj: imgq:85,h2pri Cf-Polished: origSize=3873 Edge-Cache-Tag: F-3711502880,FD-3711502755,P-241394,FLS-ALL Timing-Allow-Origin: cdn2.hubspot.net X-Amz-Cf-Id: QKqrrk-o8hm4YOAc5hd22S53yFm2LEefdoJC-8A90IP2gpZ2suQ3fg== X-Amz-Cf-Pop: BOS50-P1 x-amz-id-2: jJtNu4bygFgZzqCYwDHQJVMDWNLrbBdcG7C+9mPmBg6z1SbJnfrVy8hgqaOpvZ3rFjX7G28zb3o= x-amz-meta-access-tag: public-not-indexable x-amz-meta-cache-tag: F-3711502880,FD-3711502755,P-241394,FLS-ALL x-amz-meta-created-unix-time-millis: 1447343595191 x-amz-meta-index-tag: none x-amz-replication-status: COMPLETED x-amz-request-id: 5T65YXZ9JEV92BRD x-amz-server-side-encryption: AES256 x-amz-storage-class: INTELLIGENT_TIERING x-amz-version-id: GOuAJzA1.bo1vjot_Hsq0owEY98XjYH9 X-Cache: RefreshHit from cloudfront
2024-11-20 14:09:34 UTC	502	IN	Data Raw: 58 2d 48 53 2d 43 46 2d 4c 61 6d 62 64 61 3a 20 75 73 2d 65 61 73 74 2d 31 2e 45 6e 66 6f 72 63 65 41 63 6c 46 6f 72 52 65 61 64 73 20 33 0d 0a 58 2d 48 53 2d 43 46 2d 4c 61 6d 62 64 61 2d 45 6e 66 6f 72 63 65 3a 20 75 73 2d 65 61 73 74 2d 31 2e 45 6e 66 6f 72 63 65 41 63 6c 46 6f 72 52 65 61 64 73 20 33 0d 0a 58 2d 52 6f 62 6f 74 73 2d 54 61 67 3a 20 6e 6f 6e 65 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 32 37 31 72 65 53 62 73 6a 68 31 42 25 32 46 54 41 39 44 33 74 72 65 38 53 35 33 69 66 4e 4f 77 41 72 42 39 68 37 33 6c 70 4a 55 59 5a 39 72 62 42 4d 56 4c 54 Data Ascii: X-HS-CF-Lambda: us-east-1.EnforceAclForReads 3X-HS-CF-Lambda-Enforce: us-east-1.EnforceAclForReads 3X-Robots-Tag: noneReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=271reSbsjh1B%2FTA9D3tre8S53ifNOwArB9h73lpJUYZ9rbBMVLT
2024-11-20 14:09:34 UTC	885	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 26 08 06 00 00 00 81 16 d4 6c 00 00 0b 8d 49 44 41 54 78 da ec da 7b 68 97 55 1c c7 71 f7 9b b7 4d 73 22 65 a9 65 6a 2c bb 98 4d cc 2c 5d 28 26 d4 e8 42 17 b0 12 29 47 e2 46 9a b8 84 32 f3 32 32 6f 59 ce d4 c2 14 91 d4 4c 12 25 c3 b4 0b 16 69 46 a6 a5 2e 99 97 92 4c a7 65 da 98 64 73 6e ce 4f 6f f0 40 a7 83 3f f7 9c df cf 07 f6 1b cf 81 d7 1f db 79 be cf d9 73 9e f3 f9 3d 97 fd 9a 44 2d 6a 51 bb 44 d3 c8 26 43 31 dc c8 4d 72 5f 39 18 6e e9 1e cd 70 83 38 c7 57 a1 00 c5 78 17 eb b0 05 a5 38 64 ec c7 4e 6c c2 62 8c c5 3d 68 d6 08 e7 62 3c 16 60 06 ba d7 57 20 cb 47 49 0c 9c 8d 53 90 51 8e f6 d1 f2 6c 10 8b 62 20 94 a0 0a cc 47 e7 46 32 17 2b 20 a3 12 ed 43 0f 08 75 99 f8 09 32 6a d1 3f 5a Data Ascii: PNGIHDR&lIDATx{hUqMs"eej,M,](&B)GF222oYL%iF.LedsnOo@?ys=D-jQD&C1Mr_9np8Wx8dNlb=hb<`W GISQlb GF2+ Cu2j?Z
2024-11-20 14:09:34 UTC	1369	IN	Data Raw: fe 71 3e b9 3b 9a ee 64 03 b2 10 1f 3a b7 4f b3 d0 29 4e ed 20 94 fb 5c c9 e8 bf 05 95 10 80 d7 73 a5 f2 52 d5 db aa 2a a5 55 63 44 98 dc 90 64 3b 63 74 87 2c 2b 3c e6 63 3b 04 57 ef 80 f5 83 21 4b cf 24 02 e2 d6 dd 86 ef 20 cb 67 88 05 ac 2f 80 2c 35 98 54 cf f3 67 37 6c 84 2c 07 90 19 70 cc bb 20 cb 94 38 db 5d 83 fe c8 43 5f 34 f7 0e 08 3f 5f 81 03 90 51 87 7b 4d 77 d2 01 71 1e f8 cb d1 33 40 fd ad a8 81 8c 0a b4 8c b3 6d 2b ec 83 00 b0 e0 75 be 4e 12 ed 5c 8d b4 ed 7d 69 c9 30 69 6a 2f e9 d5 db a5 f9 0f 48 1b a6 4b 15 47 64 da 85 2b ca e8 4c 7b 9e 76 a3 a5 33 d6 5e e7 53 2f 16 e0 58 ae 85 2c 76 90 a7 06 9c cf 39 90 f1 6b c0 b7 58 b3 91 03 57 2e 1e c6 64 7c 03 39 d6 7a 2c d4 6e ce 6d 59 35 06 05 ac 8d 61 31 64 99 1e a4 ce 79 4e fe 0d 19 71 b6 2d 86 2c Data Ascii: q>;d:O)N \sR*UcDd;ct,+<c;W!K$ g/,5Tg7l,p 8]C_4?_Q{Mwq3@m+uN\}i0ij/HKGd+L{v3^S/X,v9kXW.d\|9z,nmY5a1dyNq-,
2024-11-20 14:09:34 UTC	760	IN	Data Raw: 85 81 44 b0 a7 c1 b7 df b1 00 c4 71 17 6c 31 08 8a 4e 13 81 e0 3c b3 07 da be 9c 22 02 c1 11 d8 9e cd 25 24 c5 f9 bb 9a 9b e4 96 1e 0e 7d dc ef 92 b3 35 3d 46 34 9a 14 66 2b f1 a9 6e 86 84 82 04 0b 24 0f 63 63 9a 3a 2d ea ba 81 c9 f0 51 1c 69 90 40 19 24 5d c6 02 01 9f ff 15 98 0b cf 49 21 81 2c 64 c8 0e f1 84 75 b6 93 53 7e fa 8a 0c e2 1c 27 21 e3 18 b3 7e ff 62 42 31 9e f1 18 ba d6 c5 93 44 c2 d9 44 6d b9 1d 22 d6 f3 9d a6 4e 0d d4 99 e6 f3 01 70 1b 99 1a 4b 50 64 3b 35 75 d6 d9 9e 8b b5 1a da f7 32 85 29 22 90 0c e6 17 6b 81 bc 75 df 60 8a 49 f7 ef 4e 2c c4 6b 7e 91 44 ab 49 38 a5 f1 ba 6c f3 f0 8c 6b 21 cd 3e 04 fd 56 27 41 20 75 d0 d7 6b 1e 72 e5 f6 5e 93 f4 12 fc 22 dd ad fd 2e e8 a3 95 19 9b 24 81 60 9d 79 0c 59 b3 63 11 d1 c6 22 fc f9 8c 18 f7 37 Data Ascii: Dql1N<"%$}5=F4f+n$cc:-Qi@$]I!,duS~'!~bB1DDm"NpKPd;5u2)"ku`IN,k~DI8lk!>V'A ukr^".$`yYc"7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49726	52.209.169.238	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:34 UTC	775	OUT	GET /assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://secure.encryptedconnection.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:34 UTC	241	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:34 GMT Content-Type: image/png Content-Length: 3168 Connection: close Last-Modified: Tue, 19 Nov 2024 17:51:47 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-20 14:09:34 UTC	3168	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 f0 00 00 00 f0 08 06 00 00 00 3e 55 e9 92 00 00 0c 27 49 44 41 54 78 da ed 9d 5d 88 5c e5 19 80 65 09 21 88 48 90 10 42 2f 4a 08 22 22 22 52 8a 84 52 a4 88 14 e9 45 29 22 d2 0b 2f 8a 17 22 e2 85 48 10 11 33 73 e6 cc 99 99 9d cc fe 26 ec 4f c2 0e 9b dd 64 0d 51 4a 13 4c 8c 89 11 11 1b ac 50 ed 85 6d a5 55 bb 8d 75 b3 51 b3 99 24 9b ec ee fc ad 7d bf 35 17 a9 4d 9c dd ec ec bc df 7b f6 79 e0 21 41 e2 ce 9c ef 7c cf 7c df d9 d9 33 7b cb 2d 4d e6 db ed db bf 6d a6 cd 7e 7e 00 f0 03 10 30 80 61 08 18 c0 30 04 0c 60 18 02 06 30 0c 01 03 18 86 80 01 0c 43 c0 00 86 21 60 00 c3 10 30 80 61 08 18 c0 30 04 bc 3c fe 7a fc f8 ba 0b 03 03 77 cd 74 74 3c 58 ce 66 1f ab 66 b3 4f cd 66 b3 2f d6 a2 28 51 4b 26 73 e5 Data Ascii: PNGIHDR>U'IDATx]\e!HB/J"""RRE)"/"H3s&OdQJLPmUuQ$}5M{y!A\|\|3{-Mm~~0a0`0C!`0a0<zwtt<XffOf/(QK&s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49727	54.194.166.37	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:34 UTC	440	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:35 UTC	279	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:35 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Tue, 19 Nov 2024 17:51:47 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-20 14:09:35 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-11-20 14:09:35 UTC	10519	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2024-11-20 14:09:35 UTC	16384	IN	Data Raw: 67 75 6d 65 6e 74 73 29 2c 74 68 69 73 7d 2c 22 63 61 74 63 68 22 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 61 2e 74 68 65 6e 28 6e 75 6c 6c 2c 65 29 7d 2c 70 69 70 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 69 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 63 65 2e 44 65 66 65 72 72 65 64 28 66 75 6e 63 74 69 6f 6e 28 72 29 7b 63 65 2e 65 61 63 68 28 6f 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 76 28 69 5b 74 5b 34 5d 5d 29 26 26 69 5b 74 5b 34 5d 5d 3b 73 5b 74 5b 31 5d 5d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 6e 26 26 6e 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 65 26 26 76 28 65 2e 70 72 6f 6d 69 73 65 29 3f 65 2e 70 72 6f 6d 69 73 65 28 29 2e 70 72 6f 67 Data Ascii: guments),this},"catch":function(e){return a.then(null,e)},pipe:function(){var i=arguments;return ce.Deferred(function(r){ce.each(o,function(e,t){var n=v(i[t[4]])&&i[t[4]];s[t[1]](function(){var e=n&&n.apply(this,arguments);e&&v(e.promise)?e.promise().prog
2024-11-20 14:09:35 UTC	16384	IN	Data Raw: 67 65 74 54 6f 75 63 68 65 73 3a 21 30 2c 74 6f 45 6c 65 6d 65 6e 74 3a 21 30 2c 74 6f 75 63 68 65 73 3a 21 30 2c 77 68 69 63 68 3a 21 30 7d 2c 63 65 2e 65 76 65 6e 74 2e 61 64 64 50 72 6f 70 29 2c 63 65 2e 65 61 63 68 28 7b 66 6f 63 75 73 3a 22 66 6f 63 75 73 69 6e 22 2c 62 6c 75 72 3a 22 66 6f 63 75 73 6f 75 74 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 72 2c 69 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 69 66 28 43 2e 64 6f 63 75 6d 65 6e 74 4d 6f 64 65 29 7b 76 61 72 20 74 3d 5f 2e 67 65 74 28 74 68 69 73 2c 22 68 61 6e 64 6c 65 22 29 2c 6e 3d 63 65 2e 65 76 65 6e 74 2e 66 69 78 28 65 29 3b 6e 2e 74 79 70 65 3d 22 66 6f 63 75 73 69 6e 22 3d 3d 3d 65 2e 74 79 70 65 3f 22 66 6f 63 75 73 22 3a 22 62 6c 75 72 22 2c 6e 2e 69 73 53 69 6d 75 6c 61 74 65 64 3d Data Ascii: getTouches:!0,toElement:!0,touches:!0,which:!0},ce.event.addProp),ce.each({focus:"focusin",blur:"focusout"},function(r,i){function o(e){if(C.documentMode){var t=_.get(this,"handle"),n=ce.event.fix(e);n.type="focusin"===e.type?"focus":"blur",n.isSimulated=
2024-11-20 14:09:35 UTC	16384	IN	Data Raw: 69 6e 20 74 2c 70 3d 74 68 69 73 2c 64 3d 7b 7d 2c 68 3d 65 2e 73 74 79 6c 65 2c 67 3d 65 2e 6e 6f 64 65 54 79 70 65 26 26 65 65 28 65 29 2c 76 3d 5f 2e 67 65 74 28 65 2c 22 66 78 73 68 6f 77 22 29 3b 66 6f 72 28 72 20 69 6e 20 6e 2e 71 75 65 75 65 7c 7c 28 6e 75 6c 6c 3d 3d 28 61 3d 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 65 2c 22 66 78 22 29 29 2e 75 6e 71 75 65 75 65 64 26 26 28 61 2e 75 6e 71 75 65 75 65 64 3d 30 2c 73 3d 61 2e 65 6d 70 74 79 2e 66 69 72 65 2c 61 2e 65 6d 70 74 79 2e 66 69 72 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e 75 6e 71 75 65 75 65 64 7c 7c 73 28 29 7d 29 2c 61 2e 75 6e 71 75 65 75 65 64 2b 2b 2c 70 2e 61 6c 77 61 79 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 70 2e 61 6c 77 61 79 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e Data Ascii: in t,p=this,d={},h=e.style,g=e.nodeType&&ee(e),v=_.get(e,"fxshow");for(r in n.queue\|\|(null==(a=ce._queueHooks(e,"fx")).unqueued&&(a.unqueued=0,s=a.empty.fire,a.empty.fire=function(){a.unqueued\|\|s()}),a.unqueued++,p.always(function(){p.always(function(){a.
2024-11-20 14:09:35 UTC	16384	IN	Data Raw: 22 2c 76 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 26 26 76 2e 61 63 63 65 70 74 73 5b 76 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 5d 3f 76 2e 61 63 63 65 70 74 73 5b 76 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 5d 2b 28 22 2a 22 21 3d 3d 76 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 3f 22 2c 20 22 2b 7a 74 2b 22 3b 20 71 3d 30 2e 30 31 22 3a 22 22 29 3a 76 2e 61 63 63 65 70 74 73 5b 22 2a 22 5d 29 2c 76 2e 68 65 61 64 65 72 73 29 54 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 69 2c 76 2e 68 65 61 64 65 72 73 5b 69 5d 29 3b 69 66 28 76 2e 62 65 66 6f 72 65 53 65 6e 64 26 26 28 21 31 3d 3d 3d 76 2e 62 65 66 6f 72 65 53 65 6e 64 2e 63 61 6c 6c 28 79 2c 54 2c 76 29 7c 7c 68 29 29 72 65 74 75 72 6e 20 54 2e 61 62 6f 72 74 28 29 3b 69 66 28 75 3d 22 61 62 6f 72 Data Ascii: ",v.dataTypes[0]&&v.accepts[v.dataTypes[0]]?v.accepts[v.dataTypes[0]]+(""!==v.dataTypes[0]?", "+zt+"; q=0.01":""):v.accepts[""]),v.headers)T.setRequestHeader(i,v.headers[i]);if(v.beforeSend&&(!1===v.beforeSend.call(y,T,v)\|\|h))return T.abort();if(u="abor
2024-11-20 14:09:35 UTC	16384	IN	Data Raw: 26 26 28 69 3d 56 28 73 2e 67 65 74 28 29 29 2c 74 68 69 73 2e 5f 72 65 6d 6f 76 65 43 6c 61 73 73 28 73 2c 65 29 2c 69 2e 61 64 64 43 6c 61 73 73 28 74 68 69 73 2e 5f 63 6c 61 73 73 65 73 28 7b 65 6c 65 6d 65 6e 74 3a 69 2c 6b 65 79 73 3a 65 2c 63 6c 61 73 73 65 73 3a 74 2c 61 64 64 3a 21 30 7d 29 29 29 7d 2c 5f 73 65 74 4f 70 74 69 6f 6e 44 69 73 61 62 6c 65 64 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 68 69 73 2e 5f 74 6f 67 67 6c 65 43 6c 61 73 73 28 74 68 69 73 2e 77 69 64 67 65 74 28 29 2c 74 68 69 73 2e 77 69 64 67 65 74 46 75 6c 6c 4e 61 6d 65 2b 22 2d 64 69 73 61 62 6c 65 64 22 2c 6e 75 6c 6c 2c 21 21 74 29 2c 74 26 26 28 74 68 69 73 2e 5f 72 65 6d 6f 76 65 43 6c 61 73 73 28 74 68 69 73 2e 68 6f 76 65 72 61 62 6c 65 2c 6e 75 6c 6c 2c 22 75 69 2d Data Ascii: &&(i=V(s.get()),this._removeClass(s,e),i.addClass(this._classes({element:i,keys:e,classes:t,add:!0})))},_setOptionDisabled:function(t){this._toggleClass(this.widget(),this.widgetFullName+"-disabled",null,!!t),t&&(this._removeClass(this.hoverable,null,"ui-
2024-11-20 14:09:35 UTC	16384	IN	Data Raw: 69 3d 65 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 7d 63 61 74 63 68 28 74 29 7b 69 3d 65 2e 62 6f 64 79 7d 72 65 74 75 72 6e 28 69 3d 69 7c 7c 65 2e 62 6f 64 79 29 2e 6e 6f 64 65 4e 61 6d 65 7c 7c 28 69 3d 65 2e 62 6f 64 79 29 2c 69 7d 2c 56 2e 75 69 2e 73 61 66 65 42 6c 75 72 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 26 26 22 62 6f 64 79 22 21 3d 3d 74 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 26 26 56 28 74 29 2e 74 72 69 67 67 65 72 28 22 62 6c 75 72 22 29 7d 3b 56 2e 77 69 64 67 65 74 28 22 75 69 2e 64 72 61 67 67 61 62 6c 65 22 2c 56 2e 75 69 2e 6d 6f 75 73 65 2c 7b 76 65 72 73 69 6f 6e 3a 22 31 2e 31 33 2e 32 22 2c 77 69 64 67 65 74 45 76 65 6e 74 50 72 65 66 69 78 3a 22 64 72 61 67 22 2c 6f 70 74 69 6f 6e 73 3a 7b 61 64 Data Ascii: i=e.activeElement}catch(t){i=e.body}return(i=i\|\|e.body).nodeName\|\|(i=e.body),i},V.ui.safeBlur=function(t){t&&"body"!==t.nodeName.toLowerCase()&&V(t).trigger("blur")};V.widget("ui.draggable",V.ui.mouse,{version:"1.13.2",widgetEventPrefix:"drag",options:{ad
2024-11-20 14:09:35 UTC	16384	IN	Data Raw: 74 65 6e 64 28 69 2e 5f 75 69 48 61 73 68 28 29 2c 7b 73 6e 61 70 49 74 65 6d 3a 69 2e 73 6e 61 70 45 6c 65 6d 65 6e 74 73 5b 76 5d 2e 69 74 65 6d 7d 29 29 2c 69 2e 73 6e 61 70 45 6c 65 6d 65 6e 74 73 5b 76 5d 2e 73 6e 61 70 70 69 6e 67 3d 21 31 29 3a 28 22 69 6e 6e 65 72 22 21 3d 3d 64 2e 73 6e 61 70 4d 6f 64 65 26 26 28 73 3d 4d 61 74 68 2e 61 62 73 28 68 2d 5f 29 3c 3d 70 2c 6e 3d 4d 61 74 68 2e 61 62 73 28 63 2d 6d 29 3c 3d 70 2c 6f 3d 4d 61 74 68 2e 61 62 73 28 72 2d 67 29 3c 3d 70 2c 61 3d 4d 61 74 68 2e 61 62 73 28 6c 2d 66 29 3c 3d 70 2c 73 26 26 28 65 2e 70 6f 73 69 74 69 6f 6e 2e 74 6f 70 3d 69 2e 5f 63 6f 6e 76 65 72 74 50 6f 73 69 74 69 6f 6e 54 6f 28 22 72 65 6c 61 74 69 76 65 22 2c 7b 74 6f 70 3a 68 2d 69 2e 68 65 6c 70 65 72 50 72 6f 70 6f Data Ascii: tend(i._uiHash(),{snapItem:i.snapElements[v].item})),i.snapElements[v].snapping=!1):("inner"!==d.snapMode&&(s=Math.abs(h-_)<=p,n=Math.abs(c-m)<=p,o=Math.abs(r-g)<=p,a=Math.abs(l-f)<=p,s&&(e.position.top=i._convertPositionTo("relative",{top:h-i.helperPropo
2024-11-20 14:09:35 UTC	16384	IN	Data Raw: 70 65 63 74 52 61 74 69 6f 2c 65 3e 6e 2e 6d 69 6e 57 69 64 74 68 26 26 28 6e 2e 6d 69 6e 57 69 64 74 68 3d 65 29 2c 69 3e 6e 2e 6d 69 6e 48 65 69 67 68 74 26 26 28 6e 2e 6d 69 6e 48 65 69 67 68 74 3d 69 29 2c 73 3c 6e 2e 6d 61 78 57 69 64 74 68 26 26 28 6e 2e 6d 61 78 57 69 64 74 68 3d 73 29 2c 74 3c 6e 2e 6d 61 78 48 65 69 67 68 74 26 26 28 6e 2e 6d 61 78 48 65 69 67 68 74 3d 74 29 29 2c 74 68 69 73 2e 5f 76 42 6f 75 6e 64 61 72 69 65 73 3d 6e 7d 2c 5f 75 70 64 61 74 65 43 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 68 69 73 2e 6f 66 66 73 65 74 3d 74 68 69 73 2e 68 65 6c 70 65 72 2e 6f 66 66 73 65 74 28 29 2c 74 68 69 73 2e 5f 69 73 4e 75 6d 62 65 72 28 74 2e 6c 65 66 74 29 26 26 28 74 68 69 73 2e 70 6f 73 69 74 69 6f 6e 2e 6c 65 66 74 3d 74 Data Ascii: pectRatio,e>n.minWidth&&(n.minWidth=e),i>n.minHeight&&(n.minHeight=i),s<n.maxWidth&&(n.maxWidth=s),t<n.maxHeight&&(n.maxHeight=t)),this._vBoundaries=n},_updateCache:function(t){this.offset=this.helper.offset(),this._isNumber(t.left)&&(this.position.left=t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49730	52.209.169.238	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:36 UTC	964	OUT	GET /favicon.ico HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://secure.encryptedconnection.net/pages/5dcf267a4ff2/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:36 UTC	253	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:36 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Tue, 19 Nov 2024 17:52:33 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49731	54.194.166.37	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:36 UTC	438	OUT	GET /assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:37 UTC	241	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:36 GMT Content-Type: image/png Content-Length: 3168 Connection: close Last-Modified: Tue, 19 Nov 2024 17:51:47 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-11-20 14:09:37 UTC	3168	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 f0 00 00 00 f0 08 06 00 00 00 3e 55 e9 92 00 00 0c 27 49 44 41 54 78 da ed 9d 5d 88 5c e5 19 80 65 09 21 88 48 90 10 42 2f 4a 08 22 22 22 52 8a 84 52 a4 88 14 e9 45 29 22 d2 0b 2f 8a 17 22 e2 85 48 10 11 33 73 e6 cc 99 99 9d cc fe 26 ec 4f c2 0e 9b dd 64 0d 51 4a 13 4c 8c 89 11 11 1b ac 50 ed 85 6d a5 55 bb 8d 75 b3 51 b3 99 24 9b ec ee fc ad 7d bf 35 17 a9 4d 9c dd ec ec bc df 7b f6 79 e0 21 41 e2 ce 9c ef 7c cf 7c df d9 d9 33 7b cb 2d 4d e6 db ed db bf 6d a6 cd 7e 7e 00 f0 03 10 30 80 61 08 18 c0 30 04 0c 60 18 02 06 30 0c 01 03 18 86 80 01 0c 43 c0 00 86 21 60 00 c3 10 30 80 61 08 18 c0 30 04 bc 3c fe 7a fc f8 ba 0b 03 03 77 cd 74 74 3c 58 ce 66 1f ab 66 b3 4f cd 66 b3 2f d6 a2 28 51 4b 26 73 e5 Data Ascii: PNGIHDR>U'IDATx]\e!HB/J"""RRE)"/"H3s&OdQJLPmUuQ$}5M{y!A\|\|3{-Mm~~0a0`0C!`0a0<zwtt<XffOf/(QK&s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49732	54.194.166.37	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:09:38 UTC	365	OUT	GET /favicon.ico HTTP/1.1 Host: secure.encryptedconnection.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-20 14:09:38 UTC	253	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:09:38 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Tue, 19 Nov 2024 17:52:33 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49735	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:13 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Eav6yS1hyZwo3x2&MD=4vYWh4rf HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-20 14:10:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 59a9330a-ca82-49cc-8e55-f407a8d8a2f7 MS-RequestId: 9ec45959-33d9-45cf-8bd9-23c1088ae0f3 MS-CV: kNjI7ADJzUSyG8BY.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 20 Nov 2024 14:10:12 GMT Connection: close Content-Length: 30005
2024-11-20 14:10:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-20 14:10:14 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.8	49738	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:33 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:34 UTC	471	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:34 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Tue, 19 Nov 2024 13:10:03 GMT ETag: "0x8DD089B7B2F27B3" x-ms-request-id: 082f1a68-301e-005d-348c-3ae448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141033Z-185f5d8b95ctl8xlhC1NYCn94g0000000aag00000000puw0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:34 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-20 14:10:34 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.8	49741	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:36 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:37 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:37 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: ac6669be-e01e-003c-668c-3ac70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141037Z-185f5d8b95c96jn4hC1NYCbgp80000000a8000000000q8cz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:37 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.8	49742	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:36 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:37 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:37 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 8753231e-501e-008f-038c-3a9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141037Z-185f5d8b95c4hl5whC1NYCeex00000000a5000000000pw96 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:37 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.8	49743	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:36 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:37 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:37 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 884d2a23-a01e-00ab-5b8c-3a9106000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141037Z-1777c6cb754lvj6mhC1TEBke9400000009ng00000000ppk9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:37 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.8	49740	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:37 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:37 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:37 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: f909c6c7-c01e-0049-518c-3aac27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141037Z-r1d97b99577dd2gchC1TEBz5ys00000008r000000000k4db x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:37 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.8	49744	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:37 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:37 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:37 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: e579fe48-a01e-001e-648c-3a49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141037Z-r1d97b9957744xz5hC1TEB5bf800000008x0000000005hty x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:37 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.8	49747	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:39 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:39 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:39 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: bfe6cc7a-201e-006e-7e8c-3abbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141039Z-185f5d8b95cqnkdjhC1NYCm8w80000000a6g00000000cu55 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:39 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.8	49746	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:39 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:39 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:39 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3126d9de-f01e-0099-4d8c-3a9171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141039Z-185f5d8b95cdcwrthC1NYCy5b80000000acg000000004x29 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:39 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.8	49750	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:39 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-20 14:10:39 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 14:10:39 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 7f65a9a1-801e-0067-788c-3afe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241120T141039Z-185f5d8b95crwqd8hC1NYCps680000000a7g00000000pq7n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-20 14:10:39 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.8	49748	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:39 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.8	49749	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-20 14:10:39 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 7004, Parent PID: 1500

General

Target ID:	0
Start time:	09:09:11
Start date:	20/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6976, Parent PID: 7004

General

Target ID:	2
Start time:	09:09:17
Start date:	20/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,1799070922863384488,5680841517388367676,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5012, Parent PID: 1500

General

Target ID:	3
Start time:	09:09:19
Start date:	20/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://covid19.auth-verify.com/XUXIrOHR6RjhQNXRDVW5iWmFYNTZaZlB0Z1ZnZHBzcVhlTW1qdU04ZXpTUXRDVmJVWGZzaSsxd05aQUF3emJmeFZyVkhKN3RPM2cwU3NDMWkrMFhSbTcwSEh5N09lN256QnJjRG9sWklQRy9KZm14M1JhMER1NzVYVjFlZUxmeTZnQVc4Z0t1T2pTTnJ5dHN3NVNSTFljQzlxOFJRb2NraUtMVVZ4ckN0eVF1WTFCS3VqVnNZazlaSlUrK3ZjUE1PcVM1eFhrQT0tLUs1UUpQQ3gzcDZ1VzRKVVEtLW44eGZTZUNwWmFkTnlqMFJCODNDZUE9PQ==?cid=289532680"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers