Edit tour

Windows Analysis Report
https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT

Overview

General Information

Sample URL:	https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT
Analysis ID:	1521949
Tags:	openphish
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden javascript code

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2088,i,15873703508875450898,2543275696707719788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 197 29"> <path fill="#F9F9F9" d="M39.673 1.14c-1.483 1.56-1.94 2.398-3.004 4.756l-9.846 22.633-6.967-15.862-6.884 15.862L3.045 5.896C2.017 3.538 1.565 2.776.039 1.14h12.59a3.879 3.879 0 0 ...

Source: https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49735 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49741 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49735 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64

Source: global traffic	HTTP traffic detected: GET /cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT HTTP/1.1Host: confirmationportal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://confirmationportal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://confirmationportal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /attack-sim/lp/js/credentialCaptureTelemetry.js HTTP/1.1Host: client-resources.outthink.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://confirmationportal.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://confirmationportal.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: confirmationportal.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-ITAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /attack-sim/lp/js/credentialCaptureTelemetry.js HTTP/1.1Host: client-resources.outthink.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: confirmationportal.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: client-resources.outthink.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 29 Sep 2024 04:18:42 GMTContent-Length: 0Connection: closeServer: nginxx-envoy-upstream-service-time: 2

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49741 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/8@14/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2088,i,15873703508875450898,2543275696707719788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2088,i,15873703508875450898,2543275696707719788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://code.jquery.com/jquery-3.6.0.min.js	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
code.jquery.com	151.101.130.137	true	false	unknown
confirmationportal.com	52.208.21.115	true	false	unknown
www.google.com	172.217.16.196	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
client-resources.outthink.io	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT	false		unknown
https://client-resources.outthink.io/attack-sim/lp/js/credentialCaptureTelemetry.js	false		unknown
https://code.jquery.com/jquery-3.6.0.min.js	false	URL Reputation: safe	unknown
https://confirmationportal.com/favicon.ico	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
151.101.2.137	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.208.21.115	confirmationportal.com	United States	16509	AMAZON-02US	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521949
Start date and time:	2024-09-29 06:17:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/8@14/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 216.58.212.142, 64.233.184.84, 34.104.35.123, 4.245.163.56, 192.229.221.95, 52.165.164.15, 199.232.214.172, 20.242.39.171, 172.217.18.3, 93.184.221.240
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, outthink-client-resources.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, outthink-client-resources.afd.azureedge.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT

Input	Output
URL: https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT Model: jbxai	{ "brand":["WeTransfer"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Sottoscrivi", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT Model: jbxai

{
"brand":["WeTransfer"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"Sottoscrivi",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2874
Entropy (8bit):	4.969278140915952
Encrypted:	false
SSDEEP:	48:iD7Pa90BuvuJYivCPoepRXr1ryh6e87VY36+kzVxaw6mMVX3CphvWEO:iKWJYig/rsce8RYK+kZYmkCp5a
MD5:	65CEED3BC979F7C5BA374FE7C4A7626F
SHA1:	DF012315BA0CC32BDF467CBBBFFDE2B7BCA12ED2
SHA-256:	410F76ACECD15E39B8103ED94AB89375CD500FE37126B637EC706D07EC5E121E
SHA-512:	B5346313D754679D4373C5DB1CB7A26E119DAAE67291E857F8885E5898DB3641F41D2761B561BD72BF04BE157E9F83B85AE1B9DBBD692616CA8670857AD33A9F
Malicious:	false
Reputation:	low
Preview:	(function () {.. var domain;.. var tenantGlobalId;.. var assignmentId;.. var learnerId;.. var urlRe = /(.*)\/([a-zA-Z-0-9]{36})\/a\/([a-zA-Z-0-9]{36})\/ccp\?lid=([a-zA-Z-0-9]{36})/gi;.. var result = urlRe.exec(window.location.href);.. if (result) {.. exist = true;.. domain = result[1];.. tenantGlobalId = result[2];.. assignmentId = result[3];.. learnerId = result[4];.. }.. if (!domain \|\| !tenantGlobalId \|\| !assignmentId \|\| !learnerId) {.. console.error("Unable to get url parameters");.. return;.. }.. var isDev = domain.indexOf("-dev") !== -1;.. var url = "https://outthink-api" + (isDev ? "-dev" : "") + ".azure-api.net/phishing/telemetryInput/" + tenantGlobalId;.. var params = { domain: domain, assignmentId: assignmentId, learnerId: learnerId };.... var credentialEntered = false;.... $.ajaxSetup({.. type: "POST",.. url: url,.. contentType: "application/json; charset=utf-8",.. crossDomain: true,.. timeout: 5000,.. retryAfter: 2000,..

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Category:	downloaded
Size (bytes):	156291
Entropy (8bit):	6.058324608607091
Encrypted:	false
SSDEEP:	3072:jO988KHqRzbHEnPiItonjEdCK0VIeOTxkCLu9DFNEICPa5ApLr37TT:Si8Tz0uIM7ee+fLu9xNEI6a5AtrPT
MD5:	0AB8CDD526828D88E3BD2AEC4336E99F
SHA1:	8F81672D746F44114C75EDB9653AC9A47478AD14
SHA-256:	3BAC84BB637EB33E0EE9F581E20A520BEA3258F1112A3FAD34E273D36F235ADF
SHA-512:	509C5FE3AAAD5301BE42FA34DA5451874084DA0658758C2329FEA08EDBF4171FFFF1776F9B57DBCAB9E02C39E5C55D308FEA7CEF88C0DE0E07DC64D423E3CC3F
Malicious:	false
Reputation:	low
URL:	https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT
Preview:	<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script><script src="https://client-resources.outthink.io/attack-sim/lp/js/credentialCaptureTelemetry.js" crossorigin="anonymous"></script><title>WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free</title><style>*,::after,::before{box-sizing:border-box}body{font-family:-apple-system,Roboto,Segoe UI,Helvetica Neue,Lucida Grande,sans-serif;color:#17181a;background-color:#272f00}body,html{height:100%;width:100%;margin:0;display:flex;justify-content:center;align-items:center}.logo1{position:fixed;top:26px;left:26px}.logo2{position:fixed;bottom:26px;left:26px}nav{position:fixed;top:10px;right:10px;background:#fff;border-radius:5px;border:1px solid rg

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2874
Entropy (8bit):	4.969278140915952
Encrypted:	false
SSDEEP:	48:iD7Pa90BuvuJYivCPoepRXr1ryh6e87VY36+kzVxaw6mMVX3CphvWEO:iKWJYig/rsce8RYK+kZYmkCp5a
MD5:	65CEED3BC979F7C5BA374FE7C4A7626F
SHA1:	DF012315BA0CC32BDF467CBBBFFDE2B7BCA12ED2
SHA-256:	410F76ACECD15E39B8103ED94AB89375CD500FE37126B637EC706D07EC5E121E
SHA-512:	B5346313D754679D4373C5DB1CB7A26E119DAAE67291E857F8885E5898DB3641F41D2761B561BD72BF04BE157E9F83B85AE1B9DBBD692616CA8670857AD33A9F
Malicious:	false
Reputation:	low
URL:	https://client-resources.outthink.io/attack-sim/lp/js/credentialCaptureTelemetry.js
Preview:	(function () {.. var domain;.. var tenantGlobalId;.. var assignmentId;.. var learnerId;.. var urlRe = /(.*)\/([a-zA-Z-0-9]{36})\/a\/([a-zA-Z-0-9]{36})\/ccp\?lid=([a-zA-Z-0-9]{36})/gi;.. var result = urlRe.exec(window.location.href);.. if (result) {.. exist = true;.. domain = result[1];.. tenantGlobalId = result[2];.. assignmentId = result[3];.. learnerId = result[4];.. }.. if (!domain \|\| !tenantGlobalId \|\| !assignmentId \|\| !learnerId) {.. console.error("Unable to get url parameters");.. return;.. }.. var isDev = domain.indexOf("-dev") !== -1;.. var url = "https://outthink-api" + (isDev ? "-dev" : "") + ".azure-api.net/phishing/telemetryInput/" + tenantGlobalId;.. var params = { domain: domain, assignmentId: assignmentId, learnerId: learnerId };.... var credentialEntered = false;.... $.ajaxSetup({.. type: "POST",.. url: url,.. contentType: "application/json; charset=utf-8",.. crossDomain: true,.. timeout: 5000,.. retryAfter: 2000,..

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 06:18:29.571840048 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:29.649867058 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:30.071744919 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:38.618990898 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:38.619033098 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:38.619127989 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:38.619690895 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:38.619710922 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.210371017 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:39.257292032 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:39.400661945 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.400816917 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:39.406260014 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:39.406280994 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.406488895 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.408310890 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:39.408557892 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:39.408557892 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:39.408562899 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.455434084 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.583045959 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.583121061 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.583317995 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:39.583408117 CEST	49715	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:39.583431959 CEST	443	49715	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:39.681905985 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:39.704077959 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:39.704118013 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:39.704251051 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:39.704395056 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:39.704432011 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:39.704478025 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:39.704606056 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:39.704621077 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:39.704891920 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:39.704902887 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.579566002 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.579919100 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.579943895 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.581442118 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.581554890 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.588665962 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.588749886 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.589096069 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.589103937 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.619501114 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.619848967 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.619874954 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.623536110 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.623622894 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.624372959 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.624540091 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.632190943 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.665179014 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:40.665196896 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:40.711002111 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.096060038 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.096091986 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.096101999 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.096117973 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.096152067 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.096159935 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.096179008 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.096229076 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.096229076 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.101972103 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.102021933 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.102066994 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.102073908 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.102102041 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.102116108 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.138849020 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 29, 2024 06:18:41.138936996 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:41.176912069 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.176938057 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.177031040 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.177045107 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.177054882 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.177094936 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.187728882 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.187748909 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.187793016 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.187803984 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.187851906 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.187851906 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.189219952 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.189239025 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.189287901 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.189295053 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.189318895 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.189323902 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.189356089 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.189362049 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.189378977 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.191005945 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.191046953 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.191075087 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.191081047 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.191119909 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.191145897 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.195779085 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.195836067 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.195908070 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.196661949 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.196691036 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.245071888 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:41.245107889 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:41.245171070 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:41.245959997 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:41.245976925 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:41.262862921 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.262883902 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.262945890 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.262959957 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.262970924 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.263003111 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.274071932 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.274091959 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.274144888 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.274152994 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.274207115 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.274207115 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.274846077 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.274866104 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.274921894 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.274938107 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.275000095 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.275542974 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.275578022 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.275631905 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.275631905 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.275639057 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.275652885 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.275706053 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.275744915 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.276922941 CEST	49716	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:41.276937962 CEST	443	49716	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:41.682269096 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.682571888 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.682615042 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.683624983 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.683706045 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.825937033 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.826105118 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.826126099 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.826159000 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.835799932 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:41.835841894 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:41.836077929 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:41.836740017 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:41.836751938 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:41.869213104 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.869235039 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.909563065 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:41.918165922 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.928047895 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928107023 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928132057 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928153992 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928162098 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.928195953 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928225994 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.928242922 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928271055 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928319931 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.928337097 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928420067 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.928714037 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928770065 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.928822994 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.928838015 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.933558941 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:41.933594942 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:41.936220884 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.936306953 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:41.936321974 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:41.937681913 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:41.937751055 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:41.943187952 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:41.943370104 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:41.943686962 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:41.943700075 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:41.976881981 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.002377033 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:42.021567106 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.021576881 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.021609068 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.021622896 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.021635056 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.021639109 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.021667957 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.021696091 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.021696091 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.021727085 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.023283005 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.023298979 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.023341894 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.023356915 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.023411989 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.023462057 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.113598108 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.113621950 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.113683939 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.113732100 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.113784075 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.113922119 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.114476919 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.114495039 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.114566088 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.114579916 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.114737988 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.115271091 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.115348101 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.115350962 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.115422010 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.124444008 CEST	49720	443	192.168.2.6	151.101.130.137
Sep 29, 2024 06:18:42.124480963 CEST	443	49720	151.101.130.137	192.168.2.6
Sep 29, 2024 06:18:42.427269936 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:42.427297115 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:42.427330017 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:42.427391052 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:42.427421093 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:42.427469015 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:42.496836901 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:42.545258045 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:42.590713978 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:42.590729952 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:42.592436075 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:42.592506886 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:42.593635082 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:42.593728065 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:42.603596926 CEST	49721	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:42.603631020 CEST	443	49721	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:42.633295059 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:42.633308887 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:42.678699970 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:42.791879892 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:42.839401960 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:43.036873102 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:43.036978960 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:43.037193060 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:43.168174028 CEST	49717	443	192.168.2.6	52.208.21.115
Sep 29, 2024 06:18:43.168207884 CEST	443	49717	52.208.21.115	192.168.2.6
Sep 29, 2024 06:18:43.243315935 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:43.243372917 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:43.243442059 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:43.246143103 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:43.246160030 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:43.651690960 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:43.651730061 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:43.651920080 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:43.652307987 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:43.652318954 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:43.760184050 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:43.760248899 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:43.760466099 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:43.761601925 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:43.761620998 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:43.925493002 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:43.925628901 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:43.942404032 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:43.942434072 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:43.943511009 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:43.986848116 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:44.116480112 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.148648977 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.148674965 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.150234938 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.150317907 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.151123047 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.151204109 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.151448011 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.195420980 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.205636024 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.205667019 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.247375011 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.247427940 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.247483015 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.247492075 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.247555971 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.247591972 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.247688055 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.247961044 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.248013973 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.248018026 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.248068094 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.248070955 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.248125076 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.248162985 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.248181105 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.248184919 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.248234034 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.248887062 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.298297882 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:44.299362898 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.299370050 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.335952997 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.335997105 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336025000 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.336030006 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336067915 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336076975 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.336081028 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336128950 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.336133003 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336854935 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336893082 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336930037 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336946964 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.336951017 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.336992979 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.337661982 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.337728024 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.337729931 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.337743044 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.337790012 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.337795019 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.338608980 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.338645935 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.338664055 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.338668108 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.338709116 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.338711977 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.338722944 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.338778973 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.339359999 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.339482069 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.339514971 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.339566946 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.339571953 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.339612007 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.340293884 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.343413115 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:44.390670061 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.390741110 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.390748978 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.399353027 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.402266026 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:44.402301073 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.403883934 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.403975010 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:44.404930115 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:44.405030012 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.405636072 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:44.405649900 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.423784018 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.423820972 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.423856020 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.423880100 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.423886061 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.423930883 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.423933029 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.423945904 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.423988104 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.423991919 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.424036026 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.424038887 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.424977064 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.424989939 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.425021887 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.425035000 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.425050974 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.425051928 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.425069094 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.425098896 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.425132990 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.426687956 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.426718950 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.426758051 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.426762104 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.426778078 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.426810980 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.426841974 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.455605030 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:44.459687948 CEST	49724	443	192.168.2.6	151.101.2.137
Sep 29, 2024 06:18:44.459712982 CEST	443	49724	151.101.2.137	192.168.2.6
Sep 29, 2024 06:18:44.497193098 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:44.497287989 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:44.497487068 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:44.505151033 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.505181074 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.505259991 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:44.505291939 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.505461931 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:44.505516052 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:44.563441038 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:44.563477993 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:44.563492060 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:44.563499928 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:44.565474033 CEST	49725	443	192.168.2.6	13.107.246.60
Sep 29, 2024 06:18:44.565505981 CEST	443	49725	13.107.246.60	192.168.2.6
Sep 29, 2024 06:18:45.266335964 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:45.266408920 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:45.266480923 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:45.266813993 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:45.266833067 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:45.986499071 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:45.986613989 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:46.065937042 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:46.066001892 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:46.066989899 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:46.068789959 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:46.115402937 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:46.313049078 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:46.313231945 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:46.313334942 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:46.941184998 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:46.941242933 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:46.941266060 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 29, 2024 06:18:46.941276073 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 29, 2024 06:18:47.029824972 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:47.029896021 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:47.029988050 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:47.030824900 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:47.030843973 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.037272930 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.037368059 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:48.040009975 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:48.040028095 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.040807009 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.042560101 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:48.042606115 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:48.042635918 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.042716980 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:48.083420038 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.256196976 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.259537935 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.259608030 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:48.261080027 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:48.261104107 CEST	443	49730	40.115.3.253	192.168.2.6
Sep 29, 2024 06:18:48.261120081 CEST	49730	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:18:51.883611917 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:51.884593010 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:51.886534929 CEST	49735	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:51.886575937 CEST	443	49735	173.222.162.64	192.168.2.6
Sep 29, 2024 06:18:51.886652946 CEST	49735	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:51.887734890 CEST	49735	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:51.887751102 CEST	443	49735	173.222.162.64	192.168.2.6
Sep 29, 2024 06:18:51.891081095 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 29, 2024 06:18:51.891566038 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 29, 2024 06:18:52.394589901 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:52.394649029 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:18:52.394752979 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:52.551913977 CEST	443	49735	173.222.162.64	192.168.2.6
Sep 29, 2024 06:18:52.552061081 CEST	49735	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:18:54.171557903 CEST	49722	443	192.168.2.6	172.217.16.196
Sep 29, 2024 06:18:54.171593904 CEST	443	49722	172.217.16.196	192.168.2.6
Sep 29, 2024 06:19:00.231115103 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:00.231152058 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:00.231300116 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:00.232073069 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:00.232093096 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:01.040200949 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:01.040304899 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:01.060944080 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:01.060961962 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:01.061244965 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:01.064245939 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:01.064445019 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:01.064452887 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:01.064707041 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:01.111411095 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:01.241410971 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:01.242439985 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:01.242454052 CEST	443	49736	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:01.242665052 CEST	49736	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:11.734560966 CEST	443	49735	173.222.162.64	192.168.2.6
Sep 29, 2024 06:19:11.734622002 CEST	49735	443	192.168.2.6	173.222.162.64
Sep 29, 2024 06:19:21.282705069 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:21.282758951 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:21.282825947 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:21.283587933 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:21.283598900 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:22.095972061 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:22.096071005 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:22.097910881 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:22.097922087 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:22.098757982 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:22.100466967 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:22.100527048 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:22.100533009 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:22.100661039 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:22.147397995 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:22.279195070 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:22.279402971 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:22.279470921 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:22.279670000 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:22.279689074 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:41.892452002 CEST	49740	443	192.168.2.6	142.250.184.196
Sep 29, 2024 06:19:41.892496109 CEST	443	49740	142.250.184.196	192.168.2.6
Sep 29, 2024 06:19:41.892610073 CEST	49740	443	192.168.2.6	142.250.184.196
Sep 29, 2024 06:19:41.892841101 CEST	49740	443	192.168.2.6	142.250.184.196
Sep 29, 2024 06:19:41.892852068 CEST	443	49740	142.250.184.196	192.168.2.6
Sep 29, 2024 06:19:42.561784983 CEST	443	49740	142.250.184.196	192.168.2.6
Sep 29, 2024 06:19:42.562175989 CEST	49740	443	192.168.2.6	142.250.184.196
Sep 29, 2024 06:19:42.562236071 CEST	443	49740	142.250.184.196	192.168.2.6
Sep 29, 2024 06:19:42.563334942 CEST	443	49740	142.250.184.196	192.168.2.6
Sep 29, 2024 06:19:42.563672066 CEST	49740	443	192.168.2.6	142.250.184.196
Sep 29, 2024 06:19:42.563857079 CEST	443	49740	142.250.184.196	192.168.2.6
Sep 29, 2024 06:19:42.617028952 CEST	49740	443	192.168.2.6	142.250.184.196
Sep 29, 2024 06:19:51.364744902 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:51.364794970 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:51.364908934 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:51.365550995 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:51.365561008 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:52.208436012 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:52.208518982 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:52.212387085 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:52.212393045 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:52.212647915 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:52.214539051 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:52.214639902 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:52.214646101 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:52.214791059 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:52.255393028 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:52.389296055 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:52.389828920 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:52.389847994 CEST	443	49741	40.115.3.253	192.168.2.6
Sep 29, 2024 06:19:52.389869928 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:52.389900923 CEST	49741	443	192.168.2.6	40.115.3.253
Sep 29, 2024 06:19:52.457195044 CEST	443	49740	142.250.184.196	192.168.2.6
Sep 29, 2024 06:19:52.457261086 CEST	443	49740	142.250.184.196	192.168.2.6
Sep 29, 2024 06:19:52.457315922 CEST	49740	443	192.168.2.6	142.250.184.196
Sep 29, 2024 06:19:54.154629946 CEST	49740	443	192.168.2.6	142.250.184.196
Sep 29, 2024 06:19:54.154660940 CEST	443	49740	142.250.184.196	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 06:18:37.766659975 CEST	53	58436	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:37.793144941 CEST	53	54100	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:38.846935034 CEST	53	57913	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:39.543782949 CEST	63902	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:39.546828985 CEST	50774	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:39.688076973 CEST	53	63902	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:39.703355074 CEST	53	50774	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:41.187705040 CEST	57181	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:41.188505888 CEST	58918	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:41.189610958 CEST	49190	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:41.190175056 CEST	61242	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:41.194638968 CEST	53	57181	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:41.195014000 CEST	53	58918	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:41.826705933 CEST	56426	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:41.826839924 CEST	56464	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:41.833504915 CEST	53	56426	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:41.833524942 CEST	53	56464	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:43.640254021 CEST	56271	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:43.640595913 CEST	58265	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:43.647294044 CEST	53	56271	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:43.647423983 CEST	53	58265	1.1.1.1	192.168.2.6
Sep 29, 2024 06:18:43.678833961 CEST	54191	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:43.679402113 CEST	51474	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:18:56.070899010 CEST	53	53175	1.1.1.1	192.168.2.6
Sep 29, 2024 06:19:15.143074989 CEST	53	63863	1.1.1.1	192.168.2.6
Sep 29, 2024 06:19:37.026382923 CEST	53	62653	1.1.1.1	192.168.2.6
Sep 29, 2024 06:19:37.632956028 CEST	53	54400	1.1.1.1	192.168.2.6
Sep 29, 2024 06:19:41.883862019 CEST	51922	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:19:41.884243965 CEST	51965	53	192.168.2.6	1.1.1.1
Sep 29, 2024 06:19:41.891565084 CEST	53	51922	1.1.1.1	192.168.2.6
Sep 29, 2024 06:19:41.891731024 CEST	53	51965	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 29, 2024 06:18:41.247646093 CEST	192.168.2.6	1.1.1.1	c2f7	(Port unreachable)	Destination Unreachable
Sep 29, 2024 06:18:43.869750977 CEST	192.168.2.6	1.1.1.1	c2f7	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 06:18:39.543782949 CEST	192.168.2.6	1.1.1.1	0x98f2	Standard query (0)	confirmationportal.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:39.546828985 CEST	192.168.2.6	1.1.1.1	0xe5e4	Standard query (0)	confirmationportal.com	65	IN (0x0001)	false
Sep 29, 2024 06:18:41.187705040 CEST	192.168.2.6	1.1.1.1	0xeb15	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.188505888 CEST	192.168.2.6	1.1.1.1	0xa4de	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 29, 2024 06:18:41.189610958 CEST	192.168.2.6	1.1.1.1	0x2ff9	Standard query (0)	client-resources.outthink.io	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.190175056 CEST	192.168.2.6	1.1.1.1	0x83cf	Standard query (0)	client-resources.outthink.io	65	IN (0x0001)	false
Sep 29, 2024 06:18:41.826705933 CEST	192.168.2.6	1.1.1.1	0x9a2b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.826839924 CEST	192.168.2.6	1.1.1.1	0x6c9b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 06:18:43.640254021 CEST	192.168.2.6	1.1.1.1	0x3921	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:43.640595913 CEST	192.168.2.6	1.1.1.1	0x2562	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 29, 2024 06:18:43.678833961 CEST	192.168.2.6	1.1.1.1	0xe74d	Standard query (0)	client-resources.outthink.io	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:43.679402113 CEST	192.168.2.6	1.1.1.1	0xffed	Standard query (0)	client-resources.outthink.io	65	IN (0x0001)	false
Sep 29, 2024 06:19:41.883862019 CEST	192.168.2.6	1.1.1.1	0xd8a3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:19:41.884243965 CEST	192.168.2.6	1.1.1.1	0xf727	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 06:18:39.688076973 CEST	1.1.1.1	192.168.2.6	0x98f2	No error (0)	confirmationportal.com		52.208.21.115	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:39.688076973 CEST	1.1.1.1	192.168.2.6	0x98f2	No error (0)	confirmationportal.com		52.51.58.45	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:39.688076973 CEST	1.1.1.1	192.168.2.6	0x98f2	No error (0)	confirmationportal.com		52.17.22.92	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.194638968 CEST	1.1.1.1	192.168.2.6	0xeb15	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.194638968 CEST	1.1.1.1	192.168.2.6	0xeb15	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.194638968 CEST	1.1.1.1	192.168.2.6	0xeb15	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.194638968 CEST	1.1.1.1	192.168.2.6	0xeb15	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.233637094 CEST	1.1.1.1	192.168.2.6	0x2ff9	No error (0)	client-resources.outthink.io	outthink-client-resources.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:18:41.233637094 CEST	1.1.1.1	192.168.2.6	0x2ff9	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:18:41.233637094 CEST	1.1.1.1	192.168.2.6	0x2ff9	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.247592926 CEST	1.1.1.1	192.168.2.6	0x83cf	No error (0)	client-resources.outthink.io	outthink-client-resources.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:18:41.833504915 CEST	1.1.1.1	192.168.2.6	0x9a2b	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:41.833524942 CEST	1.1.1.1	192.168.2.6	0x6c9b	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 06:18:43.647294044 CEST	1.1.1.1	192.168.2.6	0x3921	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:43.647294044 CEST	1.1.1.1	192.168.2.6	0x3921	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:43.647294044 CEST	1.1.1.1	192.168.2.6	0x3921	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:43.647294044 CEST	1.1.1.1	192.168.2.6	0x3921	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:43.741833925 CEST	1.1.1.1	192.168.2.6	0xe74d	No error (0)	client-resources.outthink.io	outthink-client-resources.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:18:43.741833925 CEST	1.1.1.1	192.168.2.6	0xe74d	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:18:43.741833925 CEST	1.1.1.1	192.168.2.6	0xe74d	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:43.869637012 CEST	1.1.1.1	192.168.2.6	0xffed	No error (0)	client-resources.outthink.io	outthink-client-resources.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:18:50.244215012 CEST	1.1.1.1	192.168.2.6	0xf9d4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:18:50.244215012 CEST	1.1.1.1	192.168.2.6	0xf9d4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:51.861870050 CEST	1.1.1.1	192.168.2.6	0x2610	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:18:51.861870050 CEST	1.1.1.1	192.168.2.6	0x2610	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:19:11.126718998 CEST	1.1.1.1	192.168.2.6	0x25a1	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:19:11.126718998 CEST	1.1.1.1	192.168.2.6	0x25a1	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:19:30.237709045 CEST	1.1.1.1	192.168.2.6	0xafed	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:19:30.237709045 CEST	1.1.1.1	192.168.2.6	0xafed	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:19:41.891565084 CEST	1.1.1.1	192.168.2.6	0xd8a3	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:19:41.891731024 CEST	1.1.1.1	192.168.2.6	0xf727	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

confirmationportal.com

https:

code.jquery.com

client-resources.outthink.io

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49715	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:39 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 53 75 33 36 4a 56 4b 63 70 45 69 30 4c 68 74 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 35 64 36 63 64 36 33 36 36 37 33 65 38 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Su36JVKcpEi0LhtT.1Context: 795d6cd636673e83
2024-09-29 04:18:39 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 04:18:39 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 53 75 33 36 4a 56 4b 63 70 45 69 30 4c 68 74 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 35 64 36 63 64 36 33 36 36 37 33 65 38 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 72 68 4a 34 45 68 50 5a 39 79 4e 6a 30 46 74 52 51 74 76 76 49 6f 51 75 61 54 6a 36 56 51 49 48 79 47 73 67 46 67 41 62 45 4d 4c 30 76 38 68 6f 42 6a 66 48 4c 79 33 68 37 33 58 46 37 32 64 73 43 79 4c 4b 56 4a 55 56 33 5a 57 73 51 39 56 55 6c 42 4e 75 64 52 77 45 6e 75 47 59 69 6d 31 69 6b 4b 67 4b 6a 49 79 37 64 72 74 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Su36JVKcpEi0LhtT.2Context: 795d6cd636673e83<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdrhJ4EhPZ9yNj0FtRQtvvIoQuaTj6VQIHyGsgFgAbEML0v8hoBjfHLy3h73XF72dsCyLKVJUV3ZWsQ9VUlBNudRwEnuGYim1ikKgKjIy7drtS
2024-09-29 04:18:39 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 53 75 33 36 4a 56 4b 63 70 45 69 30 4c 68 74 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 35 64 36 63 64 36 33 36 36 37 33 65 38 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Su36JVKcpEi0LhtT.3Context: 795d6cd636673e83<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 04:18:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 04:18:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 33 68 6f 72 6a 35 4f 78 50 45 36 75 34 5a 67 6d 66 45 68 47 4e 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 3horj5OxPE6u4ZgmfEhGNg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49716	52.208.21.115	443	1056	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:40 UTC	755	OUT	GET /cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT HTTP/1.1 Host: confirmationportal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:18:41 UTC	190	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 04:18:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 156291 Connection: close Server: nginx x-envoy-upstream-service-time: 172
2024-09-29 04:18:41 UTC	16194	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 33 2e 36 2e 30 2e 6d 69 6e 2e 6a 73 22 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 32 35 36 2d Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-
2024-09-29 04:18:41 UTC	8943	IN	Data Raw: 4d 38 35 4a 36 43 33 47 37 42 39 4e 53 55 79 47 6d 44 65 53 70 4f 66 6f 6b 44 4c 6c 34 4d 43 63 75 6d 67 63 54 6d 6d 63 37 41 6f 41 35 33 75 4d 33 65 78 42 48 4c 67 2f 48 46 4f 49 4b 4c 4c 73 32 5a 72 55 2b 71 4b 49 4a 41 46 72 33 69 71 78 48 44 4a 61 4f 57 38 47 77 43 65 45 51 72 73 63 63 34 58 6b 77 66 59 34 66 63 77 66 54 32 4d 46 4f 4e 42 78 6b 4c 61 4f 7a 7a 56 30 51 34 77 38 38 51 4d 77 71 44 75 38 77 72 34 57 47 78 65 35 74 43 41 2f 36 42 5a 53 59 5a 37 74 64 57 32 42 6c 4b 39 51 50 72 42 7a 39 48 50 4f 51 67 72 32 41 37 49 70 75 6a 74 6c 73 32 6d 5a 72 4e 49 4b 50 71 47 49 53 75 6b 77 6b 46 66 33 4c 6c 45 6e 62 78 68 52 4a 72 75 41 57 58 35 67 2f 5a 42 6c 6a 43 7a 6d 52 6c 67 69 50 31 6e 4e 4d 4a 61 54 51 76 63 50 4f 43 4b 59 64 33 57 6b 33 34 4c Data Ascii: M85J6C3G7B9NSUyGmDeSpOfokDLl4MCcumgcTmmc7AoA53uM3exBHLg/HFOIKLLs2ZrU+qKIJAFr3iqxHDJaOW8GwCeEQrscc4XkwfY4fcwfT2MFONBxkLaOzzV0Q4w88QMwqDu8wr4WGxe5tCA/6BZSYZ7tdW2BlK9QPrBz9HPOQgr2A7Ipujtls2mZrNIKPqGISukwkFf3LlEnbxhRJruAWX5g/ZBljCzmRlgiP1nNMJaTQvcPOCKYd3Wk34L
2024-09-29 04:18:41 UTC	3339	IN	Data Raw: 30 67 58 49 35 6f 53 71 6b 72 66 39 2f 53 78 4a 2f 61 52 6d 48 72 36 32 4a 46 53 41 73 41 35 52 39 74 34 6c 71 31 6a 73 56 68 77 31 43 78 6f 51 30 50 77 48 6a 58 44 75 63 42 79 75 65 4c 4b 38 58 57 4f 6a 6f 34 35 57 6c 36 6e 62 56 6f 57 69 77 56 4e 30 35 52 65 4f 55 44 75 4e 45 51 41 52 4f 54 43 37 2b 72 50 2f 72 67 42 56 50 58 67 63 39 57 45 57 63 4c 4d 4d 44 4e 53 53 73 53 2b 70 39 75 65 63 6e 75 7a 5a 72 31 5a 63 37 70 5a 63 37 5a 5a 73 34 6b 39 32 2b 32 57 47 43 4d 78 52 76 71 75 34 33 61 2f 4a 61 56 45 53 67 6e 6e 48 45 33 54 63 47 55 68 4c 42 72 50 61 72 46 6b 31 62 52 34 35 77 45 44 59 58 68 50 37 72 41 6a 74 46 63 34 58 71 36 34 64 6e 79 44 61 38 66 58 57 43 35 57 4e 49 73 6a 76 50 64 34 37 34 66 78 7a 6f 31 37 66 7a 77 37 7a 37 35 45 63 38 37 74 Data Ascii: 0gXI5oSqkrf9/SxJ/aRmHr62JFSAsA5R9t4lq1jsVhw1CxoQ0PwHjXDucByueLK8XWOjo45Wl6nbVoWiwVN05ReOUDuNEQAROTC7+rP/rgBVPXgc9WEWcLMMDNSSsS+p9uecnuzZr1Zc7pZc7ZZs4k92+2WGCMxRvqu43a/JaVESgnnHE3TcGUhLBrParFk1bR45wEDYXhP7rAjtFc4Xq64dnyDa8fXWC5WNIsjvPd474fxzo17fzw7z75Ec87t
2024-09-29 04:18:41 UTC	16384	IN	Data Raw: 4c 37 33 47 4b 2b 76 62 2b 43 41 45 6b 57 49 4a 63 54 53 68 6f 58 64 5a 4d 4e 6c 68 36 4c 2f 39 6d 55 2f 39 6f 6f 6a 37 50 34 47 47 42 39 62 6d 74 63 37 37 61 34 4a 7a 4d 6b 76 49 33 38 72 4e 7a 74 48 47 35 35 72 4f 61 4f 6a 79 68 72 43 6c 32 74 64 44 7a 66 6d 74 31 76 61 31 79 6c 48 4c 6c 75 4b 57 47 62 6a 36 67 59 44 30 73 4f 64 75 31 44 6a 6c 4c 7a 56 54 76 35 74 32 59 49 6c 43 45 46 4f 57 54 63 75 71 62 56 6b 30 49 52 4f 37 42 39 70 63 4e 76 67 55 63 79 64 46 34 2f 49 61 53 43 6c 6d 51 6f 30 6a 4f 42 44 66 5a 4b 62 6c 42 61 51 76 57 70 69 67 39 4b 42 62 31 50 70 69 50 51 77 34 38 52 69 4b 6b 34 61 32 58 57 4b 71 61 4d 71 57 78 5a 4f 62 72 37 48 64 64 69 79 58 53 35 35 39 39 4a 68 6e 6e 2f 6f 49 50 2f 6a 42 39 2f 4b 54 66 2f 6f 56 76 76 77 6e 58 2b 48 Data Ascii: L73GK+vb+CAEkWIJcTShoXdZMNlh6L/9mU/9ooj7P4GGB9bmtc77a4JzMkvI38rNztHG55rOaOjyhrCl2tdDzfmt1va1ylHLluKWGbj6gYD0sOdu1DjlLzVTv5t2YIlCEFOWTcuqbVk0IRO7B9pcNvgUcydF4/IaSClmQo0jOBDfZKblBaQvWpig9KBb1PpiPQw48RiKk4a2XWKqaMqWxZObr7HddiyXS5599Jhnn/oIP/jB9/KTf/oVvvwnX+H
2024-09-29 04:18:41 UTC	16384	IN	Data Raw: 2b 66 58 66 2f 53 4b 66 2b 2b 4b 66 38 2f 4c 4e 55 31 78 6f 61 52 59 72 4c 45 55 2b 39 4f 4c 33 63 66 33 61 4d 65 74 74 5a 4c 46 6f 42 35 4f 36 46 4f 45 38 64 37 58 34 7a 45 6c 41 45 63 53 71 73 6a 59 42 2b 54 45 72 4e 4f 6c 41 42 77 66 74 35 41 4a 72 78 77 47 4e 42 71 7a 4d 58 56 33 4e 61 65 72 58 65 6b 39 46 67 6d 6c 53 59 6f 72 5a 33 4f 34 4c 54 5a 33 51 2b 57 67 39 66 65 71 4a 4b 53 46 6b 59 56 4b 4e 44 4b 6f 4d 66 67 44 73 6d 52 6b 75 4e 4f 42 61 56 44 78 4a 70 51 68 6c 34 31 6e 4f 39 65 59 6a 6e 73 53 74 4a 50 78 35 74 2b 43 6c 7a 75 4f 63 73 4e 44 73 5a 6c 4c 7a 68 59 34 72 4b 6f 6f 76 39 4f 50 42 6d 74 79 5a 5a 39 54 33 32 71 5a 49 33 66 45 33 77 77 46 37 71 35 63 57 50 53 43 75 45 39 53 70 54 61 36 35 72 33 63 77 4d 72 77 78 2f 74 78 4e 2f 68 35 Data Ascii: +fXf/SKf++Kf8/LNU1xoaRYrLEU+9OL3cf3aMettZLFoB5O6FOE8d7X4zElAEcSqsjYB+TErNOlABwft5AJrxwGNBqzMXV3NaerXek9FgmlSYorZ3O4LTZ3Q+Wg9feqJKSFkYVKNDKoMfgDsmRkuNOBaVDxJpQhl41nO9eYjnsStJPx5t+ClzuOcsNDsZlLzhY4rKoov9OPBmtyZZ9T32qZI3fE3wwF7q5cWPSCuE9SpTa65r3cwMrwx/txN/h5
2024-09-29 04:18:41 UTC	16384	IN	Data Raw: 6b 4e 53 2f 75 75 45 39 49 64 47 68 35 4e 52 62 58 73 6b 67 4b 52 63 72 57 4d 42 38 46 31 37 32 78 6d 73 76 72 57 38 2f 33 58 43 58 68 72 47 4e 78 2b 71 72 6b 72 35 57 39 39 78 46 38 79 66 58 31 6b 66 64 50 6a 6a 64 63 39 75 74 30 63 4b 30 38 7a 7a 37 69 72 50 51 35 34 37 74 59 7a 63 57 2f 4f 72 63 4a 78 76 32 43 38 64 33 50 57 61 39 51 37 69 59 68 2b 34 66 53 6b 59 69 56 46 50 74 51 45 6b 62 39 43 69 49 63 62 61 4b 30 36 51 6e 78 6d 4c 72 4b 4a 74 2b 79 78 52 53 2f 66 2f 4a 38 31 43 47 74 6d 78 46 76 72 48 63 58 6c 33 68 35 75 6f 4b 4e 2f 73 72 32 2b 42 46 76 56 62 61 36 57 5a 45 6f 4b 49 77 56 36 5a 50 55 62 4e 2f 50 55 4a 56 7a 36 56 75 42 41 6f 70 71 53 7a 75 65 70 6d 46 43 47 63 66 70 6e 58 39 6b 4f 66 4e 73 33 31 4a 68 75 59 4a 6d 6d 59 67 54 34 34 Data Ascii: kNS/uuE9IdGh5NRbXskgKRcrWMB8F172xmsvrW8/3XCXhrGNx+qrkr5W99xF8yfX1kfdPjjdc9ut0cK08zz7irPQ547tYzcW/OrcJxv2C8d3PWa9Q7iYh+4fSkYiVFPtQEkb9CiIcbaK06QnxmLrKJt+yxRS/f/J81CGtmxFvrHcXl3h5uoKN/sr2+BFvVba6WZEoKIwV6ZPUbN/PUJVz6VuBAopqSzuepmFCGcfpnX9kOfNs31JhuYJmmYgT44
2024-09-29 04:18:41 UTC	4096	IN	Data Raw: 2f 4d 56 33 68 4d 76 37 58 46 37 63 59 39 4e 66 59 68 62 51 59 73 51 6f 7a 44 44 58 57 49 47 49 68 71 51 77 4b 62 4f 43 35 7a 6d 66 57 65 4e 54 38 5a 68 6a 70 56 55 57 6e 70 63 32 7a 74 6e 6d 61 44 44 67 59 4d 63 51 4a 2f 72 63 71 54 4c 42 39 68 48 57 6a 64 6a 77 43 68 75 75 45 52 6c 63 71 47 47 55 66 4d 42 77 51 70 34 47 4c 41 74 74 78 75 70 31 6d 30 4c 65 4b 75 67 5a 6e 71 58 53 34 74 6a 2b 45 49 6c 4e 6b 51 6d 4b 78 55 44 59 64 48 7a 33 38 68 57 66 46 79 69 48 67 70 48 52 36 50 4d 62 54 34 72 30 59 48 36 39 35 64 35 58 73 36 50 4d 70 67 6c 67 52 76 49 39 48 42 51 30 51 6a 52 45 65 6f 49 75 75 4f 55 58 77 39 4b 77 4f 47 31 4d 58 58 65 4a 61 4f 78 41 6f 4c 65 42 42 2f 75 76 65 4c 5a 35 77 4a 58 63 49 2b 6f 31 57 48 4b 41 37 63 6c 36 6a 33 45 4f 64 52 33 Data Ascii: /MV3hMv7XF7cY9NfYhbQYsQozDDXWIGIhqQwKbOC5zmfWeNT8ZhjpVUWnpc2ztnmaDDgYMcQJ/rcqTLB9hHWjdjwChuuERlcqGGUfMBwQp4GLAttxup1m0LeKugZnqXS4tj+EIlNkQmKxUDYdHz38hWfFyiHgpHR6PMbT4r0YH695d5Xs6PMpglgRvI9HBQ0QjREeoIuuOUXw9KwOG1MXXeJaOxAoLeBB/uveLZ5wJXcI+o1WHKA7cl6j3EOdR3
2024-09-29 04:18:41 UTC	12288	IN	Data Raw: 48 6d 2f 31 32 6b 34 62 62 76 49 4a 38 33 61 6f 78 52 76 75 38 77 5a 50 38 71 6e 78 2b 7a 70 4e 34 67 63 57 5a 32 6d 50 4e 31 6d 64 7a 41 66 54 36 73 32 48 61 5a 41 62 34 4b 30 4a 37 32 57 48 57 70 4c 2f 63 52 78 64 66 68 51 72 39 61 32 62 63 61 4d 51 58 78 5a 59 61 63 39 50 43 32 72 79 57 4a 78 37 4d 58 37 4d 66 76 39 55 56 76 6f 53 6a 48 61 72 55 47 38 4c 76 66 31 5a 31 34 76 6d 7a 47 65 66 66 4d 72 48 48 33 35 49 46 36 4b 54 79 47 68 78 49 56 35 79 66 52 77 72 51 39 77 78 50 30 4a 62 6c 32 61 47 54 75 51 74 56 4d 74 37 6b 55 6f 6f 45 47 52 44 45 48 66 6e 4f 68 42 72 71 44 48 61 46 55 61 39 70 62 49 71 54 70 4a 6b 4a 31 62 7a 63 74 79 58 31 76 47 5a 6f 4b 39 45 47 2b 65 78 52 70 6e 69 34 59 33 68 37 6c 53 59 54 33 6d 33 61 6c 69 63 59 38 58 54 66 5a 37 Data Ascii: Hm/12k4bbvIJ83aoxRvu8wZP8qnx+zpN4gcWZ2mPN1mdzAfT6s2HaZAb4K0J72WHWpL/cRxdfhQr9a2bcaMQXxZYac9PC2ryWJx7MX7Mfv9UVvoSjHarUG8Lvf1Z14vmzGeffMrHH35IF6KTyGhxIV5yfRwrQ9wxP0Jbl2aGTuQtVMt7kUooEGRDEHfnOhBrqDHaFUa9pbIqTpJkJ1bzctyX1vGZoK9EG+exRpni4Y3h7lSYT3m3alicY8XTfZ7
2024-09-29 04:18:41 UTC	16384	IN	Data Raw: 78 38 4e 49 48 6b 65 65 50 66 73 47 45 53 63 41 43 54 46 77 66 66 57 43 6c 39 2b 2f 42 41 4b 6c 4b 42 39 2f 38 6a 6e 62 65 78 63 56 4e 52 32 78 48 4c 44 6f 66 50 51 30 73 4e 6b 69 50 45 5a 49 4b 42 31 71 45 64 48 67 6c 69 65 46 58 6a 4f 68 6f 6f 6a 64 55 31 49 59 54 55 6a 64 6c 69 44 47 34 66 43 53 76 4c 39 69 6e 2f 64 73 2b 67 66 30 6c 78 39 41 76 30 56 31 6a 32 57 6c 51 52 2b 58 66 51 35 61 51 59 49 56 76 41 69 67 61 59 75 57 76 56 74 31 4b 42 4c 46 69 58 53 30 65 44 36 2f 44 73 34 66 58 56 78 39 64 75 53 39 78 34 56 4e 74 64 61 57 58 77 67 46 71 52 43 36 42 65 4a 65 47 69 4f 59 47 57 6f 5a 71 70 41 4d 64 6d 37 2f 35 41 49 53 44 47 50 6b 79 79 38 2f 35 78 2f 2b 34 65 39 35 39 73 30 33 58 47 77 32 58 4f 34 75 73 4c 6a 42 70 50 4e 30 52 71 75 4b 49 46 37 Data Ascii: x8NIHkeePfsGEScACTFwffWCl9+/BAKlKB9/8jnbexcVNR2xHLDofPQ0sNkiPEZIKB1qEdHglieFXjOhoojdU1IYTUjdliDG4fCSvL9in/ds+gf0lx9Av0V1j2WlQR+XfQ5aQYIVvAigaYuWvVt1KBLFiXS0eD6/Ds4fXVx9duS9x4VNtdaWXwgFqRC6BeJeGiOYGWoZqpAMdm7/5AISDGPkyy8/5x/+4e959s03XGw2XO4usLjBpPN0RquKIF7
2024-09-29 04:18:41 UTC	16384	IN	Data Raw: 43 44 31 68 32 42 50 43 67 55 4d 49 62 44 5a 62 56 48 61 45 63 63 43 31 4f 2b 4e 4f 64 6f 47 59 5a 59 63 30 71 4b 61 4a 65 4d 4c 6d 4a 66 4d 61 61 41 62 4e 44 51 64 30 50 45 78 65 74 4b 6a 53 4f 45 65 69 34 57 45 59 63 30 32 37 55 61 56 75 32 68 76 77 31 79 54 58 5a 4f 42 64 74 4b 4e 43 63 75 57 41 78 71 6e 31 71 53 54 37 2f 4a 6c 32 57 43 7a 38 65 62 54 4a 79 49 65 37 31 65 70 61 72 2b 6e 43 6d 78 31 31 50 4a 4b 70 56 4b 43 35 57 75 37 42 45 50 73 55 63 70 7a 52 71 46 6d 54 72 53 73 7a 50 4e 70 63 49 6c 66 50 37 2f 4a 67 57 6e 78 6d 31 6b 46 4f 6e 50 55 6a 44 37 48 67 42 71 73 31 34 46 5a 7a 38 4d 57 51 64 66 56 2b 51 36 70 47 49 42 58 53 31 38 30 33 4d 42 30 38 4b 2b 74 49 36 6f 75 4c 57 4b 2f 30 4a 4a 6d 32 4d 79 45 75 35 6a 37 70 6c 51 65 63 49 7a 69 Data Ascii: CD1h2BPCgUMIbDZbVHaEccC1O+NOdoGYZYc0qKaJeMLmJfMaaAbNDQd0PExetKjSOEei4WEYc027UaVu2hvw1yTXZOBdtKNCcuWAxqn1qST7/Jl2WCz8ebTJyIe71epar+nCmx11PJKpVKC5Wu7BEPsUcpzRqFmTrSszPNpcIlfP7/JgWnxm1kFOnPUjD7HgBqs14FZz8MWQdfV+Q6pGIBXS1803MB08K+tI6ouLWK/0JJm2MyEu5j7plQecIzi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49720	151.101.130.137	443	1056	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:41 UTC	577	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://confirmationportal.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://confirmationportal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:18:41 UTC	611	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 3775304 Date: Sun, 29 Sep 2024 04:18:41 GMT X-Served-By: cache-lga21931-LGA, cache-nyc-kteb1890087-NYC X-Cache: HIT, HIT X-Cache-Hits: 55, 0 X-Timer: S1727583522.878599,VS0,VE1 Vary: Accept-Encoding
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 7d 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 3f 73 2e 63 61 6c 6c 28 74 68 69 73 29 3a 65 3c 30 3f 74 68 69 73 5b 65 2b 74 68 69 73 2e 6c 65 6e 67 74 68 5d 3a 74 68 69 73 5b 65 5d 7d 2c 70 75 73 68 53 74 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 53 2e 6d 65 72 67 65 28 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 2c 65 29 3b 72 65 74 75 72 6e 20 74 2e 70 72 65 76 4f 62 6a 65 63 74 3d 74 68 69 73 2c 74 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 53 2e 65 61 63 68 28 74 68 69 73 2c 65 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 6d 61 70 28 74 68 69 73 2c 66 Data Ascii: },get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,f
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3b 72 65 74 75 72 6e 21 28 21 65 7c 7c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 3d 6f 2e 63 61 6c 6c 28 65 29 29 26 26 28 21 28 74 3d 72 28 65 29 29 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 28 6e 3d 76 2e 63 61 6c 6c 28 74 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 26 26 61 2e 63 61 6c 6c 28 6e 29 3d 3d 3d 6c 29 7d 2c 69 73 45 6d 70 74 79 4f 62 6a 65 63 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 66 6f 72 28 74 20 69 6e 20 65 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 2c 67 6c 6f 62 61 6c 45 76 61 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 62 28 65 2c 7b 6e 6f 6e 63 65 3a 74 26 26 74 2e 6e 6f Data Ascii: on(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.no
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 5d 2c 71 3d 74 2e 70 6f 70 2c 4c 3d 74 2e 70 75 73 68 2c 48 3d 74 2e 70 75 73 68 2c 4f 3d 74 2e 73 6c 69 63 65 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 65 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 69 66 28 65 5b 6e 5d 3d 3d 3d 74 29 72 65 74 75 72 6e 20 6e 3b 72 65 74 75 72 6e 2d 31 7d 2c 52 3d 22 63 68 65 63 6b 65 64 7c 73 65 6c 65 63 74 65 64 7c 61 73 79 6e 63 7c 61 75 74 6f 66 6f 63 75 73 7c 61 75 74 6f 70 6c 61 79 7c 63 6f 6e 74 72 6f 6c 73 7c 64 65 66 65 72 7c 64 69 73 61 62 6c 65 64 7c 68 69 64 64 65 6e 7c 69 73 6d 61 70 7c 6c 6f 6f 70 7c 6d 75 6c 74 69 70 6c 65 7c 6f 70 65 6e 7c 72 65 61 64 6f 6e 6c 79 7c 72 65 71 75 69 72 65 64 7c 73 63 6f 70 65 64 22 2c 4d 3d 22 5b 5c 5c 78 32 30 5c 5c 74 Data Ascii: ],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked\|selected\|async\|autofocus\|autoplay\|controls\|defer\|disabled\|hidden\|ismap\|loop\|multiple\|open\|readonly\|required\|scoped",M="[\\x20\\t
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 2c 65 65 3d 2f 5b 2b 7e 5d 2f 2c 74 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 5b 5c 5c 64 61 2d 66 41 2d 46 5d 7b 31 2c 36 7d 22 2b 4d 2b 22 3f 7c 5c 5c 5c 5c 28 5b 5e 5c 5c 72 5c 5c 6e 5c 5c 66 5d 29 22 2c 22 67 22 29 2c 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 30 78 22 2b 65 2e 73 6c 69 63 65 28 31 29 2d 36 35 35 33 36 3b 72 65 74 75 72 6e 20 74 7c 7c 28 6e 3c 30 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 2b 36 35 35 33 36 29 3a 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 3e 3e 31 30 7c 35 35 32 39 36 2c 31 30 32 33 26 6e 7c 35 36 33 32 30 29 29 7d 2c 72 65 3d 2f 28 5b 5c 30 2d 5c 78 31 66 5c 78 37 66 5d 7c 5e 2d 3f 5c 64 29 7c 5e 2d 24 7c 5b 5e 5c 30 2d 5c 78 31 66 5c Data Ascii: ,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?\|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t\|\|(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10\|55296,1023&n\|56320))},re=/([\0-\x1f\x7f]\|^-?\d)\|^-$\|[^\0-\x1f\
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 29 29 7b 28 66 3d 65 65 2e 74 65 73 74 28 74 29 26 26 79 65 28 65 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 65 29 3d 3d 3d 65 26 26 64 2e 73 63 6f 70 65 7c 7c 28 28 73 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 73 3d 73 2e 72 65 70 6c 61 63 65 28 72 65 2c 69 65 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 73 3d 53 29 29 2c 6f 3d 28 6c 3d 68 28 74 29 29 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 6f 2d 2d 29 6c 5b 6f 5d 3d 28 73 3f 22 23 22 2b 73 3a 22 3a 73 63 6f 70 65 22 29 2b 22 20 22 2b 78 65 28 6c 5b 6f 5d 29 3b 63 3d 6c 2e 6a 6f 69 6e 28 22 2c 22 29 7d 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 6e 2c 66 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 63 29 29 2c 6e 7d 63 61 74 63 68 28 Data Ascii: )){(f=ee.test(t)&&ye(e.parentNode)\|\|e)===e&&d.scope\|\|((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 61 28 5b 5d 2c 65 2e 6c 65 6e 67 74 68 2c 6f 29 2c 69 3d 72 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 69 2d 2d 29 65 5b 6e 3d 72 5b 69 5d 5d 26 26 28 65 5b 6e 5d 3d 21 28 74 5b 6e 5d 3d 65 5b 6e 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 79 65 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 26 26 65 7d 66 6f 72 28 65 20 69 6e 20 64 3d 73 65 2e 73 75 70 70 6f 72 74 3d 7b 7d 2c 69 3d 73 65 2e 69 73 58 4d 4c 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 26 26 65 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 2c 6e 3d 65 26 26 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c Data Ascii: ion(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 2e 72 65 70 6c 61 63 65 28 74 65 2c 6e 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 74 26 26 74 2e 76 61 6c 75 65 3d 3d 3d 6e 7d 7d 2c 62 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 45 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 29 3b 69 66 28 6f 29 7b 69 66 28 28 Data Ascii: tion(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 5b 22 2b 4d 2b 22 2a 6e 61 6d 65 22 2b 4d 2b 22 2a 3d 22 2b 4d 2b 22 2a 28 3f 3a 27 27 7c 5c 22 5c 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 63 68 65 63 6b 65 64 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 3a 63 68 65 63 6b 65 64 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 61 23 22 2b 53 2b 22 2b 2a 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 2e 23 2e 2b 5b 2b 7e 5d 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5c 5c 5c 66 22 29 2c 76 2e 70 75 73 68 28 22 5b 5c 5c 72 5c 5c 6e 5c 5c 66 5d 22 29 7d 29 2c 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 68 72 65 66 3d 27 27 20 64 69 73 61 62 6c 65 64 3d 27 Data Ascii: ["+M+"name"+M+"="+M+"(?:''\|\"\")"),e.querySelectorAll(":checked").length\|\|v.push(":checked"),e.querySelectorAll("a#"+S+"+").length\|\|v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="<a href='' disabled='
2024-09-29 04:18:41 UTC	1378	IN	Data Raw: 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 2d 21 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 3b 72 65 74 75 72 6e 20 6e 7c 7c 28 31 26 28 6e 3d 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 3d 3d 28 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 74 29 3f 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 74 29 3a 31 29 7c 7c 21 64 2e 73 6f 72 74 44 65 74 61 63 68 65 64 26 26 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 65 29 3d 3d 3d 6e 3f 65 3d 3d 43 7c 7c 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 26 26 79 28 70 2c 65 29 3f 2d 31 3a 74 3d 3d 43 7c 7c 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 Data Ascii: e.compareDocumentPosition-!t.compareDocumentPosition;return n\|\|(1&(n=(e.ownerDocument\|\|e)==(t.ownerDocument\|\|t)?e.compareDocumentPosition(t):1)\|\|!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C\|\|e.ownerDocument==p&&y(p,e)?-1:t==C\|\|t.ownerDocument==p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49721	13.107.246.60	443	1056	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:41 UTC	617	OUT	GET /attack-sim/lp/js/credentialCaptureTelemetry.js HTTP/1.1 Host: client-resources.outthink.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://confirmationportal.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://confirmationportal.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:18:42 UTC	790	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 04:18:42 GMT Content-Type: application/x-javascript Content-Length: 2874 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Fri, 27 Sep 2024 09:47:28 GMT ETag: "0x8DCDED9668157AB" x-ms-request-id: 21681eb6-c01e-0079-7a26-126112000000 x-ms-version: 2018-03-28 Access-Control-Expose-Headers: Accept-Ranges,Content-Length,Content-Range,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version Access-Control-Allow-Origin: * x-azure-ref: 20240929T041841Z-15767c5fc55w69c2zvnrz0gmgw00000004r000000000dbg7 x-fd-int-roxy-purgeid: 76671685 X-Cache: TCP_MISS Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Accept-Ranges: bytes
2024-09-29 04:18:42 UTC	2874	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 76 61 72 20 64 6f 6d 61 69 6e 3b 0d 0a 20 20 76 61 72 20 74 65 6e 61 6e 74 47 6c 6f 62 61 6c 49 64 3b 0d 0a 20 20 76 61 72 20 61 73 73 69 67 6e 6d 65 6e 74 49 64 3b 0d 0a 20 20 76 61 72 20 6c 65 61 72 6e 65 72 49 64 3b 0d 0a 20 20 76 61 72 20 75 72 6c 52 65 20 3d 20 2f 28 2e 2a 29 5c 2f 28 5b 61 2d 7a 41 2d 5a 2d 30 2d 39 5d 7b 33 36 7d 29 5c 2f 61 5c 2f 28 5b 61 2d 7a 41 2d 5a 2d 30 2d 39 5d 7b 33 36 7d 29 5c 2f 63 63 70 5c 3f 6c 69 64 3d 28 5b 61 2d 7a 41 2d 5a 2d 30 2d 39 5d 7b 33 36 7d 29 2f 67 69 3b 0d 0a 20 20 76 61 72 20 72 65 73 75 6c 74 20 3d 20 75 72 6c 52 65 2e 65 78 65 63 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 0d 0a 20 20 69 66 20 28 72 65 73 75 6c 74 29 20 7b Data Ascii: (function () { var domain; var tenantGlobalId; var assignmentId; var learnerId; var urlRe = /(.*)\/([a-zA-Z-0-9]{36})\/a\/([a-zA-Z-0-9]{36})\/ccp\?lid=([a-zA-Z-0-9]{36})/gi; var result = urlRe.exec(window.location.href); if (result) {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49717	52.208.21.115	443	1056	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:42 UTC	690	OUT	GET /favicon.ico HTTP/1.1 Host: confirmationportal.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:18:43 UTC	150	IN	HTTP/1.1 404 Not Found Date: Sun, 29 Sep 2024 04:18:42 GMT Content-Length: 0 Connection: close Server: nginx x-envoy-upstream-service-time: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49724	151.101.2.137	443	1056	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:44 UTC	358	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:18:44 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1534494 Date: Sun, 29 Sep 2024 04:18:44 GMT X-Served-By: cache-lga21931-LGA, cache-ewr-kewr1740058-EWR X-Cache: HIT, HIT X-Cache-Hits: 5889, 0 X-Timer: S1727583524.203724,VS0,VE1 Vary: Accept-Encoding
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 7d 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 3f 73 2e 63 61 6c 6c 28 74 68 69 73 29 3a 65 3c 30 3f 74 68 69 73 5b 65 2b 74 68 69 73 2e 6c 65 6e 67 74 68 5d 3a 74 68 69 73 5b 65 5d 7d 2c 70 75 73 68 53 74 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 53 2e 6d 65 72 67 65 28 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 2c 65 29 3b 72 65 74 75 72 6e 20 74 2e 70 72 65 76 4f 62 6a 65 63 74 3d 74 68 69 73 2c 74 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 53 2e 65 61 63 68 28 74 68 69 73 2c 65 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 6d 61 70 28 74 68 69 73 2c 66 Data Ascii: },get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,f
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3b 72 65 74 75 72 6e 21 28 21 65 7c 7c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 3d 6f 2e 63 61 6c 6c 28 65 29 29 26 26 28 21 28 74 3d 72 28 65 29 29 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 28 6e 3d 76 2e 63 61 6c 6c 28 74 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 26 26 61 2e 63 61 6c 6c 28 6e 29 3d 3d 3d 6c 29 7d 2c 69 73 45 6d 70 74 79 4f 62 6a 65 63 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 66 6f 72 28 74 20 69 6e 20 65 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 2c 67 6c 6f 62 61 6c 45 76 61 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 62 28 65 2c 7b 6e 6f 6e 63 65 3a 74 26 26 74 2e 6e 6f Data Ascii: on(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.no
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 5d 2c 71 3d 74 2e 70 6f 70 2c 4c 3d 74 2e 70 75 73 68 2c 48 3d 74 2e 70 75 73 68 2c 4f 3d 74 2e 73 6c 69 63 65 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 65 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 69 66 28 65 5b 6e 5d 3d 3d 3d 74 29 72 65 74 75 72 6e 20 6e 3b 72 65 74 75 72 6e 2d 31 7d 2c 52 3d 22 63 68 65 63 6b 65 64 7c 73 65 6c 65 63 74 65 64 7c 61 73 79 6e 63 7c 61 75 74 6f 66 6f 63 75 73 7c 61 75 74 6f 70 6c 61 79 7c 63 6f 6e 74 72 6f 6c 73 7c 64 65 66 65 72 7c 64 69 73 61 62 6c 65 64 7c 68 69 64 64 65 6e 7c 69 73 6d 61 70 7c 6c 6f 6f 70 7c 6d 75 6c 74 69 70 6c 65 7c 6f 70 65 6e 7c 72 65 61 64 6f 6e 6c 79 7c 72 65 71 75 69 72 65 64 7c 73 63 6f 70 65 64 22 2c 4d 3d 22 5b 5c 5c 78 32 30 5c 5c 74 Data Ascii: ],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked\|selected\|async\|autofocus\|autoplay\|controls\|defer\|disabled\|hidden\|ismap\|loop\|multiple\|open\|readonly\|required\|scoped",M="[\\x20\\t
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 2c 65 65 3d 2f 5b 2b 7e 5d 2f 2c 74 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 5b 5c 5c 64 61 2d 66 41 2d 46 5d 7b 31 2c 36 7d 22 2b 4d 2b 22 3f 7c 5c 5c 5c 5c 28 5b 5e 5c 5c 72 5c 5c 6e 5c 5c 66 5d 29 22 2c 22 67 22 29 2c 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 30 78 22 2b 65 2e 73 6c 69 63 65 28 31 29 2d 36 35 35 33 36 3b 72 65 74 75 72 6e 20 74 7c 7c 28 6e 3c 30 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 2b 36 35 35 33 36 29 3a 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 3e 3e 31 30 7c 35 35 32 39 36 2c 31 30 32 33 26 6e 7c 35 36 33 32 30 29 29 7d 2c 72 65 3d 2f 28 5b 5c 30 2d 5c 78 31 66 5c 78 37 66 5d 7c 5e 2d 3f 5c 64 29 7c 5e 2d 24 7c 5b 5e 5c 30 2d 5c 78 31 66 5c Data Ascii: ,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?\|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t\|\|(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10\|55296,1023&n\|56320))},re=/([\0-\x1f\x7f]\|^-?\d)\|^-$\|[^\0-\x1f\
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 29 29 7b 28 66 3d 65 65 2e 74 65 73 74 28 74 29 26 26 79 65 28 65 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 65 29 3d 3d 3d 65 26 26 64 2e 73 63 6f 70 65 7c 7c 28 28 73 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 73 3d 73 2e 72 65 70 6c 61 63 65 28 72 65 2c 69 65 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 73 3d 53 29 29 2c 6f 3d 28 6c 3d 68 28 74 29 29 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 6f 2d 2d 29 6c 5b 6f 5d 3d 28 73 3f 22 23 22 2b 73 3a 22 3a 73 63 6f 70 65 22 29 2b 22 20 22 2b 78 65 28 6c 5b 6f 5d 29 3b 63 3d 6c 2e 6a 6f 69 6e 28 22 2c 22 29 7d 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 6e 2c 66 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 63 29 29 2c 6e 7d 63 61 74 63 68 28 Data Ascii: )){(f=ee.test(t)&&ye(e.parentNode)\|\|e)===e&&d.scope\|\|((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 61 28 5b 5d 2c 65 2e 6c 65 6e 67 74 68 2c 6f 29 2c 69 3d 72 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 69 2d 2d 29 65 5b 6e 3d 72 5b 69 5d 5d 26 26 28 65 5b 6e 5d 3d 21 28 74 5b 6e 5d 3d 65 5b 6e 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 79 65 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 26 26 65 7d 66 6f 72 28 65 20 69 6e 20 64 3d 73 65 2e 73 75 70 70 6f 72 74 3d 7b 7d 2c 69 3d 73 65 2e 69 73 58 4d 4c 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 26 26 65 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 2c 6e 3d 65 26 26 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c Data Ascii: ion(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 2e 72 65 70 6c 61 63 65 28 74 65 2c 6e 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 74 26 26 74 2e 76 61 6c 75 65 3d 3d 3d 6e 7d 7d 2c 62 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 45 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 29 3b 69 66 28 6f 29 7b 69 66 28 28 Data Ascii: tion(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 5b 22 2b 4d 2b 22 2a 6e 61 6d 65 22 2b 4d 2b 22 2a 3d 22 2b 4d 2b 22 2a 28 3f 3a 27 27 7c 5c 22 5c 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 63 68 65 63 6b 65 64 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 3a 63 68 65 63 6b 65 64 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 61 23 22 2b 53 2b 22 2b 2a 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 2e 23 2e 2b 5b 2b 7e 5d 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5c 5c 5c 66 22 29 2c 76 2e 70 75 73 68 28 22 5b 5c 5c 72 5c 5c 6e 5c 5c 66 5d 22 29 7d 29 2c 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 68 72 65 66 3d 27 27 20 64 69 73 61 62 6c 65 64 3d 27 Data Ascii: ["+M+"name"+M+"="+M+"(?:''\|\"\")"),e.querySelectorAll(":checked").length\|\|v.push(":checked"),e.querySelectorAll("a#"+S+"+").length\|\|v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="<a href='' disabled='
2024-09-29 04:18:44 UTC	1378	IN	Data Raw: 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 2d 21 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 3b 72 65 74 75 72 6e 20 6e 7c 7c 28 31 26 28 6e 3d 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 3d 3d 28 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 74 29 3f 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 74 29 3a 31 29 7c 7c 21 64 2e 73 6f 72 74 44 65 74 61 63 68 65 64 26 26 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 65 29 3d 3d 3d 6e 3f 65 3d 3d 43 7c 7c 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 26 26 79 28 70 2c 65 29 3f 2d 31 3a 74 3d 3d 43 7c 7c 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 Data Ascii: e.compareDocumentPosition-!t.compareDocumentPosition;return n\|\|(1&(n=(e.ownerDocument\|\|e)==(t.ownerDocument\|\|t)?e.compareDocumentPosition(t):1)\|\|!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C\|\|e.ownerDocument==p&&y(p,e)?-1:t==C\|\|t.ownerDocument==p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:44 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 04:18:44 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=131178 Date: Sun, 29 Sep 2024 04:18:44 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49725	13.107.246.60	443	1056	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:44 UTC	398	OUT	GET /attack-sim/lp/js/credentialCaptureTelemetry.js HTTP/1.1 Host: client-resources.outthink.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:18:44 UTC	810	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 04:18:44 GMT Content-Type: application/x-javascript Content-Length: 2874 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Fri, 27 Sep 2024 09:47:28 GMT ETag: "0x8DCDED9668157AB" x-ms-request-id: 21681eb6-c01e-0079-7a26-126112000000 x-ms-version: 2018-03-28 Access-Control-Expose-Headers: Accept-Ranges,Content-Length,Content-Range,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version Access-Control-Allow-Origin: * x-azure-ref: 20240929T041844Z-15767c5fc55v7j95gq2uzq37a000000004qg00000000dh85 x-fd-int-roxy-purgeid: 76671685 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Accept-Ranges: bytes
2024-09-29 04:18:44 UTC	2874	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 76 61 72 20 64 6f 6d 61 69 6e 3b 0d 0a 20 20 76 61 72 20 74 65 6e 61 6e 74 47 6c 6f 62 61 6c 49 64 3b 0d 0a 20 20 76 61 72 20 61 73 73 69 67 6e 6d 65 6e 74 49 64 3b 0d 0a 20 20 76 61 72 20 6c 65 61 72 6e 65 72 49 64 3b 0d 0a 20 20 76 61 72 20 75 72 6c 52 65 20 3d 20 2f 28 2e 2a 29 5c 2f 28 5b 61 2d 7a 41 2d 5a 2d 30 2d 39 5d 7b 33 36 7d 29 5c 2f 61 5c 2f 28 5b 61 2d 7a 41 2d 5a 2d 30 2d 39 5d 7b 33 36 7d 29 5c 2f 63 63 70 5c 3f 6c 69 64 3d 28 5b 61 2d 7a 41 2d 5a 2d 30 2d 39 5d 7b 33 36 7d 29 2f 67 69 3b 0d 0a 20 20 76 61 72 20 72 65 73 75 6c 74 20 3d 20 75 72 6c 52 65 2e 65 78 65 63 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 0d 0a 20 20 69 66 20 28 72 65 73 75 6c 74 29 20 7b Data Ascii: (function () { var domain; var tenantGlobalId; var assignmentId; var learnerId; var urlRe = /(.*)\/([a-zA-Z-0-9]{36})\/a\/([a-zA-Z-0-9]{36})\/ccp\?lid=([a-zA-Z-0-9]{36})/gi; var result = urlRe.exec(window.location.href); if (result) {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49727	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:46 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 04:18:46 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=131206 Date: Sun, 29 Sep 2024 04:18:46 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 04:18:46 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49730	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:18:48 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4c 30 2b 47 51 64 31 75 69 55 2b 41 52 34 53 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 36 62 61 35 66 33 63 33 36 34 64 64 31 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: L0+GQd1uiU+AR4SM.1Context: fb6ba5f3c364dd19
2024-09-29 04:18:48 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 04:18:48 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4c 30 2b 47 51 64 31 75 69 55 2b 41 52 34 53 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 36 62 61 35 66 33 63 33 36 34 64 64 31 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 72 68 4a 34 45 68 50 5a 39 79 4e 6a 30 46 74 52 51 74 76 76 49 6f 51 75 61 54 6a 36 56 51 49 48 79 47 73 67 46 67 41 62 45 4d 4c 30 76 38 68 6f 42 6a 66 48 4c 79 33 68 37 33 58 46 37 32 64 73 43 79 4c 4b 56 4a 55 56 33 5a 57 73 51 39 56 55 6c 42 4e 75 64 52 77 45 6e 75 47 59 69 6d 31 69 6b 4b 67 4b 6a 49 79 37 64 72 74 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: L0+GQd1uiU+AR4SM.2Context: fb6ba5f3c364dd19<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdrhJ4EhPZ9yNj0FtRQtvvIoQuaTj6VQIHyGsgFgAbEML0v8hoBjfHLy3h73XF72dsCyLKVJUV3ZWsQ9VUlBNudRwEnuGYim1ikKgKjIy7drtS
2024-09-29 04:18:48 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4c 30 2b 47 51 64 31 75 69 55 2b 41 52 34 53 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 36 62 61 35 66 33 63 33 36 34 64 64 31 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: L0+GQd1uiU+AR4SM.3Context: fb6ba5f3c364dd19<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 04:18:48 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 04:18:48 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 65 71 62 4d 43 65 6c 44 2b 6b 79 6f 56 52 75 44 47 67 6a 31 6f 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: eqbMCelD+kyoVRuDGgj1oQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49736	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:19:01 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 54 35 73 59 69 78 58 4e 55 36 71 4a 69 74 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 36 63 33 65 35 39 39 61 36 64 30 36 30 31 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: sT5sYixXNU6qJith.1Context: 56c3e599a6d0601b
2024-09-29 04:19:01 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 04:19:01 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 73 54 35 73 59 69 78 58 4e 55 36 71 4a 69 74 68 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 36 63 33 65 35 39 39 61 36 64 30 36 30 31 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 72 68 4a 34 45 68 50 5a 39 79 4e 6a 30 46 74 52 51 74 76 76 49 6f 51 75 61 54 6a 36 56 51 49 48 79 47 73 67 46 67 41 62 45 4d 4c 30 76 38 68 6f 42 6a 66 48 4c 79 33 68 37 33 58 46 37 32 64 73 43 79 4c 4b 56 4a 55 56 33 5a 57 73 51 39 56 55 6c 42 4e 75 64 52 77 45 6e 75 47 59 69 6d 31 69 6b 4b 67 4b 6a 49 79 37 64 72 74 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: sT5sYixXNU6qJith.2Context: 56c3e599a6d0601b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdrhJ4EhPZ9yNj0FtRQtvvIoQuaTj6VQIHyGsgFgAbEML0v8hoBjfHLy3h73XF72dsCyLKVJUV3ZWsQ9VUlBNudRwEnuGYim1ikKgKjIy7drtS
2024-09-29 04:19:01 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 73 54 35 73 59 69 78 58 4e 55 36 71 4a 69 74 68 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 36 63 33 65 35 39 39 61 36 64 30 36 30 31 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: sT5sYixXNU6qJith.3Context: 56c3e599a6d0601b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 04:19:01 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 04:19:01 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 71 78 63 79 76 44 6e 45 30 2b 4f 2b 61 70 45 74 6d 30 6e 2b 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: hqxcyvDnE0+O+apEtm0n+Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49737	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:19:22 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 48 6d 4a 2f 64 43 75 76 77 6b 4f 5a 66 77 54 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 65 63 36 31 32 31 37 31 32 38 66 38 64 63 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: HmJ/dCuvwkOZfwT2.1Context: 9ec61217128f8dc2
2024-09-29 04:19:22 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 04:19:22 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 48 6d 4a 2f 64 43 75 76 77 6b 4f 5a 66 77 54 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 65 63 36 31 32 31 37 31 32 38 66 38 64 63 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 72 68 4a 34 45 68 50 5a 39 79 4e 6a 30 46 74 52 51 74 76 76 49 6f 51 75 61 54 6a 36 56 51 49 48 79 47 73 67 46 67 41 62 45 4d 4c 30 76 38 68 6f 42 6a 66 48 4c 79 33 68 37 33 58 46 37 32 64 73 43 79 4c 4b 56 4a 55 56 33 5a 57 73 51 39 56 55 6c 42 4e 75 64 52 77 45 6e 75 47 59 69 6d 31 69 6b 4b 67 4b 6a 49 79 37 64 72 74 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: HmJ/dCuvwkOZfwT2.2Context: 9ec61217128f8dc2<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdrhJ4EhPZ9yNj0FtRQtvvIoQuaTj6VQIHyGsgFgAbEML0v8hoBjfHLy3h73XF72dsCyLKVJUV3ZWsQ9VUlBNudRwEnuGYim1ikKgKjIy7drtS
2024-09-29 04:19:22 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 48 6d 4a 2f 64 43 75 76 77 6b 4f 5a 66 77 54 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 65 63 36 31 32 31 37 31 32 38 66 38 64 63 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: HmJ/dCuvwkOZfwT2.3Context: 9ec61217128f8dc2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 04:19:22 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 04:19:22 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 49 48 55 61 71 76 79 76 33 30 75 33 75 70 67 44 6e 65 67 44 49 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: IHUaqvyv30u3upgDnegDIQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49741	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:19:52 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 30 7a 31 45 6f 52 56 34 72 55 57 66 59 47 77 35 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 36 64 30 32 31 64 33 65 61 63 61 36 36 61 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 0z1EoRV4rUWfYGw5.1Context: 46d021d3eaca66af
2024-09-29 04:19:52 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-29 04:19:52 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 30 7a 31 45 6f 52 56 34 72 55 57 66 59 47 77 35 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 36 64 30 32 31 64 33 65 61 63 61 36 36 61 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 72 68 4a 34 45 68 50 5a 39 79 4e 6a 30 46 74 52 51 74 76 76 49 6f 51 75 61 54 6a 36 56 51 49 48 79 47 73 67 46 67 41 62 45 4d 4c 30 76 38 68 6f 42 6a 66 48 4c 79 33 68 37 33 58 46 37 32 64 73 43 79 4c 4b 56 4a 55 56 33 5a 57 73 51 39 56 55 6c 42 4e 75 64 52 77 45 6e 75 47 59 69 6d 31 69 6b 4b 67 4b 6a 49 79 37 64 72 74 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 0z1EoRV4rUWfYGw5.2Context: 46d021d3eaca66af<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdrhJ4EhPZ9yNj0FtRQtvvIoQuaTj6VQIHyGsgFgAbEML0v8hoBjfHLy3h73XF72dsCyLKVJUV3ZWsQ9VUlBNudRwEnuGYim1ikKgKjIy7drtS
2024-09-29 04:19:52 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 30 7a 31 45 6f 52 56 34 72 55 57 66 59 47 77 35 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 36 64 30 32 31 64 33 65 61 63 61 36 36 61 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 0z1EoRV4rUWfYGw5.3Context: 46d021d3eaca66af<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-29 04:19:52 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-29 04:19:52 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 78 62 79 7a 74 5a 6c 57 4c 6b 6d 68 74 49 77 52 5a 45 78 33 43 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: xbyztZlWLkmhtIwRZEx3Cw.0Payload parsing failed.

Target ID:	0
Start time:	00:18:33
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	00:18:35
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2088,i,15873703508875450898,2543275696707719788,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	00:18:38
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5044, Parent PID: 5888

General

Chronological Activities

Analysis Process: chrome.exePID: 1056, Parent PID: 5044

General

Chronological Activities

Analysis Process: chrome.exePID: 5016, Parent PID: 5888

General

Chronological Activities

Windows Analysis Report
https://confirmationportal.com/cde2feda-a864-42b3-839c-7a2fa5508400/a/0c6ea613-19e3-408d-b644-ef80407a16a5/ccp?lang=it-IT