Windows Analysis Report
https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details

Overview

General Information

Sample URL: https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details
Analysis ID: 1543671
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected non-DNS traffic on DNS port
HTML body contains low number of good links
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 5324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 4996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2216,i,14187799758207872673,14442970336596630755,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 4540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://automationanywhere.okta.com/app/automationanywhere_ithelpdesk_1/exk3ez7zehmk8x48s2p7/sso/saml?SAMLRequest=fVLLbtswEPwVgXdLpCxbFmEZUGMUNZC2Ruz2kIvBSKuKsESqXMpx%2FPWlmCYwkMd1Zndmdsgliq7teTHYRt3B3wHQBueuVcg9kZPBKK4FSuRKdIDclnxXfL%2FlcUh5b7TVpW5JsFnn5JCy2Yxm85omGU2qmi4qqJL5dJY9sCSrU8bSKWWUkuA3GJRa5cSJuF3EATYKrVDWQTROJoxO4sWepnw655SFWRLfk%2BCrNiX4oDmpRYswrm4FojzBK7L9H%2BmLVJVUfz7P%2F%2FA8hPzbfr%2BdbH%2Fu9iQoEMFYl%2B5GKxw6MDswJ1nCr7vbnDTW9sijSJSlHpTF8KIbHZa6i8a2DGDvliASg9WdGEWEenpswMA4Q4K1a1cqT1xpvR3WRyu8quj7d%2FiDtA20fQV4PLAIzscpXNILNN1xcU4WGPdphKh9JF%2FISVZgfrjrc3Lv8pLVcqS4791cvfbnZYmXYsjq5epldCX0rNrz0Wiz3upWlk9B0bb68caAsM7cmgH8M7pzPvZiIfOIrCa1H%2BXQCdkWVeX6RRc%2BeuvzCl7%2F49U%2F&RelayState=aHR0cHM6Ly9pdGhlbHBkZXNrLmF1dG9tYXRpb25hbnl3aGVyZS5jb20vYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy8yNzc0NjAwMDA2NTIwMDI2MC9kZXRhaWxzX19JQU1fX1NEUE9uRGVtYW5kX19JQU1fX19fSUFNX19mYWxzZV9fSUFNX18%3DHTTP Parser: Number of links: 1
Source: https://automationanywhere.okta.com/app/automationanywhere_ithelpdesk_1/exk3ez7zehmk8x48s2p7/sso/saml?SAMLRequest=fVLLbtswEPwVgXdLpCxbFmEZUGMUNZC2Ruz2kIvBSKuKsESqXMpx%2FPWlmCYwkMd1Zndmdsgliq7teTHYRt3B3wHQBueuVcg9kZPBKK4FSuRKdIDclnxXfL%2FlcUh5b7TVpW5JsFnn5JCy2Yxm85omGU2qmi4qqJL5dJY9sCSrU8bSKWWUkuA3GJRa5cSJuF3EATYKrVDWQTROJoxO4sWepnw655SFWRLfk%2BCrNiX4oDmpRYswrm4FojzBK7L9H%2BmLVJVUfz7P%2F%2FA8hPzbfr%2BdbH%2Fu9iQoEMFYl%2B5GKxw6MDswJ1nCr7vbnDTW9sijSJSlHpTF8KIbHZa6i8a2DGDvliASg9WdGEWEenpswMA4Q4K1a1cqT1xpvR3WRyu8quj7d%2FiDtA20fQV4PLAIzscpXNILNN1xcU4WGPdphKh9JF%2FISVZgfrjrc3Lv8pLVcqS4791cvfbnZYmXYsjq5epldCX0rNrz0Wiz3upWlk9B0bb68caAsM7cmgH8M7pzPvZiIfOIrCa1H%2BXQCdkWVeX6RRc%2BeuvzCl7%2F49U%2F&RelayState=aHR0cHM6Ly9pdGhlbHBkZXNrLmF1dG9tYXRpb25hbnl3aGVyZS5jb20vYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy8yNzc0NjAwMDA2NTIwMDI2MC9kZXRhaWxzX19JQU1fX1NEUE9uRGVtYW5kX19JQU1fX19fSUFNX19mYWxzZV9fSUFNX18%3DHTTP Parser: No <meta name="author".. found
Source: https://automationanywhere.okta.com/app/automationanywhere_ithelpdesk_1/exk3ez7zehmk8x48s2p7/sso/saml?SAMLRequest=fVLLbtswEPwVgXdLpCxbFmEZUGMUNZC2Ruz2kIvBSKuKsESqXMpx%2FPWlmCYwkMd1Zndmdsgliq7teTHYRt3B3wHQBueuVcg9kZPBKK4FSuRKdIDclnxXfL%2FlcUh5b7TVpW5JsFnn5JCy2Yxm85omGU2qmi4qqJL5dJY9sCSrU8bSKWWUkuA3GJRa5cSJuF3EATYKrVDWQTROJoxO4sWepnw655SFWRLfk%2BCrNiX4oDmpRYswrm4FojzBK7L9H%2BmLVJVUfz7P%2F%2FA8hPzbfr%2BdbH%2Fu9iQoEMFYl%2B5GKxw6MDswJ1nCr7vbnDTW9sijSJSlHpTF8KIbHZa6i8a2DGDvliASg9WdGEWEenpswMA4Q4K1a1cqT1xpvR3WRyu8quj7d%2FiDtA20fQV4PLAIzscpXNILNN1xcU4WGPdphKh9JF%2FISVZgfrjrc3Lv8pLVcqS4791cvfbnZYmXYsjq5epldCX0rNrz0Wiz3upWlk9B0bb68caAsM7cmgH8M7pzPvZiIfOIrCa1H%2BXQCdkWVeX6RRc%2BeuvzCl7%2F49U%2F&RelayState=aHR0cHM6Ly9pdGhlbHBkZXNrLmF1dG9tYXRpb25hbnl3aGVyZS5jb20vYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy8yNzc0NjAwMDA2NTIwMDI2MC9kZXRhaWxzX19JQU1fX1NEUE9uRGVtYW5kX19JQU1fX19fSUFNX19mYWxzZV9fSUFNX18%3DHTTP Parser: No <meta name="copyright".. found
Source: unknown; HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:49730 version: TLS 1.0
Source: unknown; HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:49760 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 76.223.42.213:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: global traffic; TCP traffic: 192.168.2.6:49726 -> 1.1.1.1:53
Source: unknown; TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown; TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown; TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown; TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic; DNS traffic detected: DNS query: ithelpdesk.automationanywhere.com
Source: global traffic; DNS traffic detected: DNS query: accounts.zoho.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: automationanywhere.okta.com
Source: global traffic; DNS traffic detected: DNS query: ok6static.oktacdn.com
Source: classification engine; Classification label: clean1.win@17/4@12/9
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2216,i,14187799758207872673,14442970336596630755,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details"
Source: Window Recorder; Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown
csdp.manageuser.com | 204.141.42.199 | true | false | | unknown
dpxbp5vi8wz3w.cloudfront.net | 52.222.214.58 | true | false | | unknown
www.google.com | 142.251.116.105 | true | false | | unknown
ae52e19d4a7095f43.awsglobalaccelerator.com | 13.248.165.67 | true | false | | unknown
accounts.zoho.com | 204.141.42.100 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
ithelpdesk.automationanywhere.com | unknown | unknown | false | | unknown
ok6static.oktacdn.com | unknown | unknown | false | | unknown
automationanywhere.okta.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://ithelpdesk.automationanywhere.com/Login.jsp?serviceurl=%2Fapp%2Fitdesk%2Fui%2Frequests%2F27746000065200260%2Fdetails | false | | unknown
https://accounts.zoho.com/samlauthrequest/630778920?serviceurl=https%3A%2F%2Fithelpdesk.automationanywhere.com%2Fapp%2Fitdesk%2Fui%2Frequests%2F27746000065200260%2Fdetails&servicename=SDPOnDemand&portal_id=630778920&hide_signup=false | false | | unknown
https://automationanywhere.okta.com/api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=abc4780733b2999dc5536ea4bf18a7237d32beafe91e2f7611b8af3ecb8ae0d0dfb208992a3b1ecefd0c0f9333f4b59d | false | | unknown
https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details | false | | unknown
https://automationanywhere.okta.com/favicon.ico | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
142.251.116.105 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
76.223.42.213 | unknown | United States | 16509 | AMAZON-02US | false
204.141.42.199 | csdp.manageuser.com | United States | 2639 | ZOHO-ASUS | false
204.141.42.100 | accounts.zoho.com | United States | 2639 | ZOHO-ASUS | false
13.248.165.67 | ae52e19d4a7095f43.awsglobalaccelerator.com | United States | 16509 | AMAZON-02US | false
52.222.214.58 | dpxbp5vi8wz3w.cloudfront.net | United States | 16509 | AMAZON-02US | false

IP
192.168.2.4
192.168.2.6

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1543671
Start date and time: 2024-10-28 08:35:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@17/4@12/9
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.181.227, 216.58.212.142, 74.125.206.84, 34.104.35.123, 4.175.87.197, 192.229.221.95, 13.85.23.206, 199.232.214.172, 52.165.164.15, 93.184.221.240, 142.250.185.195
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details

No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 556
Entropy (8bit): 4.81705343903535
Encrypted: false
SSDEEP: 12:iK8p1+M8HTpT2ShHmlFc8r5WUFBfYH6TSb7y3F88r5WUFBaNtYeHi:iSLCS4UC5RFh66YG5RFIt4
MD5: 28D025743B8FC0765A7CFE4C08FDF2A9
SHA1: 80737E656DC7DBA19F122504A3A1D53A6A1C9FF2
SHA-256: 9AF30B5E4695010F9BE253F861784E638C81274CA0390214629886029CA9B509
SHA-512: D9F693858B1AAFA379940B122382EC1CA0008A7A6405ADF674C729EB3577254AEEEABB29FB66BC88BFAAA8FF812E53399185CB4D5DDCB7D18F46D8332D93819B
Malicious: false
Reputation: low
URL: https://automationanywhere.okta.com/api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=abc4780733b2999dc5536ea4bf18a7237d32beafe91e2f7611b8af3ecb8ae0d0dfb208992a3b1ecefd0c0f9333f4b59d
Preview: .tb--background {. background-color: #ebebed !important;.}..tb--button,..button-primary {. background: #1662dd !important;. border-color: #1662dd !important;. color: #ffffff !important;.}..tb--button:hover,..button-primary:hover {. background-image: linear-gradient(hsla(0, 0%, 100%, 0.04) 0 0) !important;. }..tb--link {. color: #1662dd !important;.}..link-button-disabled,..link-button-disabled:hover {. background-image: linear-gradient(hsla(0, 0%, 100%, 0.5) 0 0) !important;. border-color: #ffffff !important;.}.

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 5430
Entropy (8bit): 2.7209270279774733
Encrypted: false
SSDEEP: 24:E+As6X5OjYp4bEZVJkeZvwnDK4lBit6ubJdhlcolwptQutJt9LSWtF4alXlAXmBQ:Gs6XwjHbqkeKVlA9/zv3urGVu1gmykQ
MD5: 449C9DD651DB589388B721EB2496F5B0
SHA1: 64F3B213A89A00F7B0940271576ECC72280236F7
SHA-256: F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA
SHA-512: 410C701B5050A6D039EE82C6D1B1B596983622E35256A2628A108B20E03D8B0CC85D2033292D5E13ACE0199FFFBB34DBFE9DF82EA4161285082837056A06F2DC
Malicious: false
Reputation: low
URL: https://automationanywhere.okta.com/favicon.ico

No static file info

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Oct 28, 2024 08:36:03.681843996 CET49736443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.682138920 CET49737443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.682163954 CET4434973752.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.682255030 CET49737443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.682547092 CET49738443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.682554007 CET4434973852.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.682632923 CET49738443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.682868004 CET49739443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.682879925 CET4434973952.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.682980061 CET49739443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.683490038 CET49739443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.683501959 CET4434973952.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.683832884 CET49738443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.683842897 CET4434973852.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.684319973 CET49737443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.684329033 CET4434973752.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.684633017 CET49736443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.684644938 CET4434973652.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.684748888 CET49735443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.684762955 CET4434973552.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.696225882 CET4434973752.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.696296930 CET4434973652.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.696435928 CET4434973552.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.697051048 CET49740443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.697071075 CET4434974052.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.697128057 CET49740443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.697726965 CET49741443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.697748899 CET4434974152.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.697940111 CET49741443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.698147058 CET49741443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.698158026 CET4434974152.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.698322058 CET49740443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.698332071 CET4434974052.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.698916912 CET49742443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.698925018 CET4434974252.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.699018955 CET49742443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.699542999 CET49742443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.699549913 CET4434974252.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.706485987 CET4434973852.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.706593990 CET4434973952.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.706679106 CET49739443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.706700087 CET49738443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.706813097 CET49739443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.706826925 CET4434973952.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.707845926 CET49743443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.707865953 CET4434974352.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.707954884 CET49743443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.708230019 CET49738443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.708239079 CET4434973852.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.710993052 CET49744443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.711011887 CET4434974452.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.711111069 CET49744443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.711112022 CET49743443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.711124897 CET4434974352.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.711594105 CET49744443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.711606026 CET4434974452.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.712412119 CET4434974052.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.712613106 CET4434974252.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.725097895 CET4434974152.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.725476980 CET49741443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.725677013 CET4434974352.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.726183891 CET4434974452.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.740264893 CET49741443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:03.740277052 CET4434974152.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:03.774333000 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:03.774369001 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:03.774413109 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:03.774509907 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:03.774517059 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:03.774631977 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:03.892616987 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:03.892651081 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:03.892738104 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:03.892755985 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:03.892776966 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:03.892819881 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.011694908 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.011727095 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.011775970 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.011784077 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.011822939 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.011833906 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.135685921 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.135718107 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.135910988 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.135910988 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.135925055 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.136920929 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.198117018 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.198151112 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.198191881 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.198204994 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.198277950 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.299215078 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.301647902 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.301673889 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.301774025 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.301774025 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.301784039 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.301987886 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.333780050 CET49734443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:04.333820105 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.334357977 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.348226070 CET49734443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:04.348366976 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.348747015 CET49734443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:04.348768950 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.373543978 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.373573065 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.373780012 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.373780012 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.373800039 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.374156952 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.608488083 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.608503103 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.608578920 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.608603954 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.608624935 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.608715057 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.608715057 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.608932018 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.609002113 CET49734443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:04.609023094 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.609040976 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.609091043 CET49734443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:04.609092951 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.609119892 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.609220982 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.609220982 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.609231949 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.609354973 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.610881090 CET49734443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:04.610905886 CET4434973413.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:04.698890924 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.698925018 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.699002981 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.699018955 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.699090004 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.705790997 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.705873966 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.705894947 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.705941916 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.706091881 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.706104994 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.706132889 CET49730443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.706139088 CET4434973013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.762942076 CET49745443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.762989998 CET4434974513.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.763170958 CET49746443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.763202906 CET4434974613.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.763261080 CET49746443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.763338089 CET49745443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.764134884 CET49745443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.764147043 CET4434974513.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.764349937 CET49746443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.764360905 CET4434974613.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.766330957 CET49747443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.766345024 CET4434974713.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.766418934 CET49747443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.766765118 CET49747443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.766767979 CET4434974713.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.767344952 CET49748443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.767394066 CET4434974813.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.767465115 CET49748443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.768033981 CET49748443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.768043995 CET4434974813.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.768944025 CET49749443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.768978119 CET4434974913.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.769061089 CET49749443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.769371033 CET49749443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.769383907 CET4434974913.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.776211977 CET4434974513.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.776336908 CET4434974613.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.776640892 CET49751443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.776645899 CET49750443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.776678085 CET4434975113.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.776690960 CET4434975013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.776757002 CET49751443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.776907921 CET49750443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.777024031 CET49750443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.777035952 CET4434975013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.777200937 CET49751443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.777208090 CET4434975113.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.787857056 CET4434974713.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.788243055 CET49752443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.788289070 CET4434975213.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.788418055 CET49752443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.788697004 CET49752443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.788712978 CET4434975213.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.799511909 CET4434974913.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.799621105 CET49749443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.801150084 CET4434975213.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.802299976 CET4434975013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.802387953 CET49750443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.802659035 CET4434975113.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.802731037 CET49751443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.808423996 CET49751443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.808446884 CET4434975113.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.808609009 CET49749443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.808614969 CET4434974913.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.808967113 CET49753443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.808998108 CET4434975313.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.809273958 CET49753443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.841036081 CET49750443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.841084957 CET4434975013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.856528997 CET49753443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.856548071 CET4434975313.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.883308887 CET49756443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.883378983 CET4434975652.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.883553982 CET49756443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.884443045 CET49757443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.884506941 CET4434975752.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.885286093 CET49757443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.961014032 CET49757443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.961050987 CET4434975752.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.961577892 CET49756443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.961604118 CET4434975652.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.965353012 CET49759443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.965399981 CET4434975913.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.965548992 CET49759443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.966175079 CET49759443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.966197014 CET4434975913.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.968772888 CET49760443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.968810081 CET4434976013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.968915939 CET49760443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.972323895 CET49761443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.972366095 CET4434976113.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.972564936 CET49761443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.972748995 CET49760443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.972768068 CET4434976013.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.972970009 CET4434975752.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.973234892 CET4434975652.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.976022959 CET49762443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.976046085 CET4434976252.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.976118088 CET49762443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.976547956 CET49763443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.976586103 CET4434976352.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.976613045 CET49762443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.976628065 CET4434976252.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.976691961 CET49763443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.976849079 CET49763443192.168.2.652.222.214.58
                                Oct 28, 2024 08:36:04.976869106 CET4434976352.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.977440119 CET49761443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.977463007 CET4434976113.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.990272045 CET4434976252.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.991363049 CET4434976352.222.214.58192.168.2.6
                                Oct 28, 2024 08:36:04.991564989 CET4434976113.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.991764069 CET4434975913.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.991816998 CET49759443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.995399952 CET49764443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.995444059 CET4434976413.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:04.995541096 CET49764443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.995779037 CET49759443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:04.995806932 CET4434975913.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.012614965 CET49765443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.012687922 CET4434976513.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.012945890 CET49765443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.019570112 CET49766443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:05.019610882 CET4434976613.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:05.019674063 CET49766443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:05.020406961 CET49766443192.168.2.613.248.165.67
                                Oct 28, 2024 08:36:05.020427942 CET4434976613.248.165.67192.168.2.6
                                Oct 28, 2024 08:36:05.021405935 CET49764443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.021435022 CET4434976413.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.021794081 CET49765443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.021826982 CET4434976513.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.033370018 CET4434976413.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.041322947 CET49767443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.041378021 CET4434976713.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.041459084 CET49767443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.042309046 CET49767443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.042325020 CET4434976713.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.054399967 CET4434976713.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.055512905 CET49768443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.055576086 CET4434976813.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.055650949 CET49768443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.056809902 CET49768443192.168.2.613.107.246.60
                                Oct 28, 2024 08:36:05.056834936 CET4434976813.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.068603992 CET4434976813.107.246.60192.168.2.6
                                Oct 28, 2024 08:36:05.073733091 CET49769443192.168.2.613.107.246.60
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Oct 28, 2024 08:35:59.130273104 CET | 192.168.2.6 | 1.1.1.1 | 0x5d93 | Standard query (0) | ithelpdesk.automationanywhere.com | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:35:59.130446911 CET | 192.168.2.6 | 1.1.1.1 | 0xe228 | Standard query (0) | ithelpdesk.automationanywhere.com | 65 | IN (0x0001) | false
                                Oct 28, 2024 08:36:01.128758907 CET | 192.168.2.6 | 1.1.1.1 | 0xa90a | Standard query (0) | accounts.zoho.com | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:01.129463911 CET | 192.168.2.6 | 1.1.1.1 | 0x44bc | Standard query (0) | accounts.zoho.com | 65 | IN (0x0001) | false
                                Oct 28, 2024 08:36:01.495007992 CET | 192.168.2.6 | 1.1.1.1 | 0x4d50 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:01.495388985 CET | 192.168.2.6 | 1.1.1.1 | 0xcdb6 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.037873983 CET | 192.168.2.6 | 1.1.1.1 | 0x1fa5 | Standard query (0) | automationanywhere.okta.com | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.038475037 CET | 192.168.2.6 | 1.1.1.1 | 0x4079 | Standard query (0) | automationanywhere.okta.com | 65 | IN (0x0001) | false
                                Oct 28, 2024 08:36:03.660414934 CET | 192.168.2.6 | 1.1.1.1 | 0xa3b6 | Standard query (0) | ok6static.oktacdn.com | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:03.660609007 CET | 192.168.2.6 | 1.1.1.1 | 0xb90b | Standard query (0) | ok6static.oktacdn.com | 65 | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.115940094 CET | 192.168.2.6 | 1.1.1.1 | 0x6661 | Standard query (0) | automationanywhere.okta.com | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.116450071 CET | 192.168.2.6 | 1.1.1.1 | 0x41d5 | Standard query (0) | automationanywhere.okta.com | 65 | IN (0x0001) | false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Oct 28, 2024 08:35:59.672713995 CET | 1.1.1.1 | 192.168.2.6 | 0xe228 | No error (0) | ithelpdesk.automationanywhere.com | customer-sdpondemand.manageuser.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:35:59.672713995 CET | 1.1.1.1 | 192.168.2.6 | 0xe228 | No error (0) | customer-sdpondemand.manageuser.com | csdp.manageuser.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:35:59.942277908 CET | 1.1.1.1 | 192.168.2.6 | 0x5d93 | No error (0) | ithelpdesk.automationanywhere.com | customer-sdpondemand.manageuser.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:35:59.942277908 CET | 1.1.1.1 | 192.168.2.6 | 0x5d93 | No error (0) | customer-sdpondemand.manageuser.com | csdp.manageuser.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:35:59.942277908 CET | 1.1.1.1 | 192.168.2.6 | 0x5d93 | No error (0) | csdp.manageuser.com | | 204.141.42.199 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:01.137676954 CET | 1.1.1.1 | 192.168.2.6 | 0xa90a | No error (0) | accounts.zoho.com | | 204.141.42.100 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:01.502682924 CET | 1.1.1.1 | 192.168.2.6 | 0xcdb6 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.113818884 CET | 1.1.1.1 | 192.168.2.6 | 0x9a98 | No error (0) | www.google.com | | 142.251.116.105 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.113818884 CET | 1.1.1.1 | 192.168.2.6 | 0x9a98 | No error (0) | www.google.com | | 142.251.116.106 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.113818884 CET | 1.1.1.1 | 192.168.2.6 | 0x9a98 | No error (0) | www.google.com | | 142.251.116.104 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.113818884 CET | 1.1.1.1 | 192.168.2.6 | 0x9a98 | No error (0) | www.google.com | | 142.251.116.147 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.113818884 CET | 1.1.1.1 | 192.168.2.6 | 0x9a98 | No error (0) | www.google.com | | 142.251.116.103 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.113818884 CET | 1.1.1.1 | 192.168.2.6 | 0x9a98 | No error (0) | www.google.com | | 142.251.116.99 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.280550003 CET | 1.1.1.1 | 192.168.2.6 | 0x4079 | No error (0) | automationanywhere.okta.com | ok6-crtrs.tng.okta.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.280550003 CET | 1.1.1.1 | 192.168.2.6 | 0x4079 | No error (0) | ok6-crtrs.tng.okta.com | ok6-crtrs.oktaedge.okta.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.280550003 CET | 1.1.1.1 | 192.168.2.6 | 0x4079 | No error (0) | ok6-crtrs.oktaedge.okta.com | ae52e19d4a7095f43.awsglobalaccelerator.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.291104078 CET | 1.1.1.1 | 192.168.2.6 | 0x1fa5 | No error (0) | automationanywhere.okta.com | ok6-crtrs.tng.okta.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.291104078 CET | 1.1.1.1 | 192.168.2.6 | 0x1fa5 | No error (0) | ok6-crtrs.tng.okta.com | ok6-crtrs.oktaedge.okta.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.291104078 CET | 1.1.1.1 | 192.168.2.6 | 0x1fa5 | No error (0) | ok6-crtrs.oktaedge.okta.com | ae52e19d4a7095f43.awsglobalaccelerator.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.291104078 CET | 1.1.1.1 | 192.168.2.6 | 0x1fa5 | No error (0) | ae52e19d4a7095f43.awsglobalaccelerator.com | | 13.248.165.67 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:02.291104078 CET | 1.1.1.1 | 192.168.2.6 | 0x1fa5 | No error (0) | ae52e19d4a7095f43.awsglobalaccelerator.com | | 76.223.42.213 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:03.667853117 CET | 1.1.1.1 | 192.168.2.6 | 0xa3b6 | No error (0) | ok6static.oktacdn.com | dpxbp5vi8wz3w.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:03.667853117 CET | 1.1.1.1 | 192.168.2.6 | 0xa3b6 | No error (0) | dpxbp5vi8wz3w.cloudfront.net | | 52.222.214.58 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:03.667853117 CET | 1.1.1.1 | 192.168.2.6 | 0xa3b6 | No error (0) | dpxbp5vi8wz3w.cloudfront.net | | 52.222.214.26 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:03.667853117 CET | 1.1.1.1 | 192.168.2.6 | 0xa3b6 | No error (0) | dpxbp5vi8wz3w.cloudfront.net | | 52.222.214.124 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:03.667853117 CET | 1.1.1.1 | 192.168.2.6 | 0xa3b6 | No error (0) | dpxbp5vi8wz3w.cloudfront.net | | 52.222.214.99 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:03.680129051 CET | 1.1.1.1 | 192.168.2.6 | 0xb90b | No error (0) | ok6static.oktacdn.com | dpxbp5vi8wz3w.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.124991894 CET | 1.1.1.1 | 192.168.2.6 | 0x41d5 | No error (0) | automationanywhere.okta.com | ok6-crtrs.tng.okta.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.124991894 CET | 1.1.1.1 | 192.168.2.6 | 0x41d5 | No error (0) | ok6-crtrs.tng.okta.com | ok6-crtrs.oktaedge.okta.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.124991894 CET | 1.1.1.1 | 192.168.2.6 | 0x41d5 | No error (0) | ok6-crtrs.oktaedge.okta.com | ae52e19d4a7095f43.awsglobalaccelerator.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.355864048 CET | 1.1.1.1 | 192.168.2.6 | 0x6661 | No error (0) | automationanywhere.okta.com | ok6-crtrs.tng.okta.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.355864048 CET | 1.1.1.1 | 192.168.2.6 | 0x6661 | No error (0) | ok6-crtrs.tng.okta.com | ok6-crtrs.oktaedge.okta.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.355864048 CET | 1.1.1.1 | 192.168.2.6 | 0x6661 | No error (0) | ok6-crtrs.oktaedge.okta.com | ae52e19d4a7095f43.awsglobalaccelerator.com | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.355864048 CET | 1.1.1.1 | 192.168.2.6 | 0x6661 | No error (0) | ae52e19d4a7095f43.awsglobalaccelerator.com | | 76.223.42.213 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:06.355864048 CET | 1.1.1.1 | 192.168.2.6 | 0x6661 | No error (0) | ae52e19d4a7095f43.awsglobalaccelerator.com | | 13.248.165.67 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:13.447606087 CET | 1.1.1.1 | 192.168.2.6 | 0x3fe1 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                Oct 28, 2024 08:36:13.447606087 CET | 1.1.1.1 | 192.168.2.6 | 0x3fe1 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:14.735183954 CET | 1.1.1.1 | 192.168.2.6 | 0xceac | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:14.735183954 CET | 1.1.1.1 | 192.168.2.6 | 0xceac | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:52.069540024 CET | 1.1.1.1 | 192.168.2.6 | 0x21d2 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:36:52.069540024 CET | 1.1.1.1 | 192.168.2.6 | 0x21d2 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:37:10.537375927 CET | 1.1.1.1 | 192.168.2.6 | 0xcf15 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                Oct 28, 2024 08:37:10.537375927 CET | 1.1.1.1 | 192.168.2.6 | 0xcf15 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                • ithelpdesk.automationanywhere.com
                                • accounts.zoho.com
                                • otelrules.azureedge.net
                                • automationanywhere.okta.com
                                • https:
                                Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
                                Oct 28, 2024 08:36:07.004307032 CET | 76.223.42.213 | 443 | 192.168.2.6 | 49773 | CN=*.okta.com, O="Okta, Inc.", L=San Francisco, ST=California, C=US; CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US; CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Mon Feb 12 01:00:00 CET 2024; Wed Apr 14 02:00:00 CEST 2021 | Sat Mar 15 00:59:59 CET 2025; Mon Apr 14 01:59:59 CEST 2031 | 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,13-35-5-51-16-27-0-45-65281-23-17513-10-11-65037-43-18,29-23-24,0 | 645d580e25d6fe6fa34fe1950adf9c6b
                                | | | | | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Apr 14 02:00:00 CEST 2021 | Mon Apr 14 01:59:59 CEST 2031 | |
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.6 | 49722 | 204.141.42.199 | 443 | 4996 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-10-28 07:36:00 UTC | 724 | OUT | GET /app/itdesk/ui/requests/27746000065200260/details HTTP/1.1
                                Host: ithelpdesk.automationanywhere.com
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-10-28 07:36:00 UTC | 739 | IN | HTTP/1.1 302
                                Server: ZGS
                                Date: Mon, 28 Oct 2024 07:36:00 GMT
                                Content-Length: 0
                                Connection: close
                                Set-Cookie: zalb_6bc9ae5955=8ffc757add8670d4be8660e2f5588b6e; Path=/; Secure; HttpOnly
                                X-Content-Type-Options: nosniff
                                Set-Cookie: sdpcscook=86188593-62bd-491c-b54e-1f56c1bcc4e6;path=/;SameSite=None;Secure;priority=high
                                Set-Cookie: _zcsr_tmp=86188593-62bd-491c-b54e-1f56c1bcc4e6;path=/;SameSite=Strict;Secure;priority=high
                                Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
                                Pragma: no-cache
                                Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                Location: https://ithelpdesk.automationanywhere.com/Login.jsp?serviceurl=%2Fapp%2Fitdesk%2Fui%2Frequests%2F27746000065200260%2Fdetails
                                Strict-Transport-Security: max-age=63072000


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.6 | 49721 | 204.141.42.199 | 443 | 4996 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-10-28 07:36:00 UTC | 912 | OUT | GET /Login.jsp?serviceurl=%2Fapp%2Fitdesk%2Fui%2Frequests%2F27746000065200260%2Fdetails HTTP/1.1
                                Host: ithelpdesk.automationanywhere.com
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                Cookie: zalb_6bc9ae5955=8ffc757add8670d4be8660e2f5588b6e; sdpcscook=86188593-62bd-491c-b54e-1f56c1bcc4e6; _zcsr_tmp=86188593-62bd-491c-b54e-1f56c1bcc4e6
                                2024-10-28 07:36:01 UTC | 632 | IN | HTTP/1.1 302
                                Server: ZGS
                                Date: Mon, 28 Oct 2024 07:36:00 GMT
                                Content-Type: text/html;charset=UTF-8
                                Content-Length: 0
                                Connection: close
                                X-Content-Type-Options: nosniff
                                X-Frame-Options: SAMEORIGIN
                                X-SDPOD-Version: 1955
                                Set-Cookie: JSESSIONID=F8BC5B6FDA87BACB0319D4DFAB00ABE2; Path=/; Secure; HttpOnly
                                LOGIN_PAGE_URL: /HomePage.do
                                Location: https://accounts.zoho.com/samlauthrequest/630778920?serviceurl=https%3A%2F%2Fithelpdesk.automationanywhere.com%2Fapp%2Fitdesk%2Fui%2Frequests%2F27746000065200260%2Fdetails&servicename=SDPOnDemand&portal_id=630778920&hide_signup=false
                                Strict-Transport-Security: max-age=63072000


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.6 | 49725 | 204.141.42.100 | 443 | 4996 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-10-28 07:36:01 UTC | 867 | OUT | GET /samlauthrequest/630778920?serviceurl=https%3A%2F%2Fithelpdesk.automationanywhere.com%2Fapp%2Fitdesk%2Fui%2Frequests%2F27746000065200260%2Fdetails&servicename=SDPOnDemand&portal_id=630778920&hide_signup=false HTTP/1.1
                                Host: accounts.zoho.com
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-10-28 07:36:02 UTC | 1693 | IN | HTTP/1.1 302
                                Server: ZGS
                                Date: Mon, 28 Oct 2024 07:36:01 GMT
                                Content-Type: text/html;charset=UTF-8
                                Content-Length: 0
                                Connection: close
                                Set-Cookie: zalb_e188bc05fe=4d6e62173a764ac5410d1192f41034cd; Path=/; Secure; HttpOnly
                                X-Content-Type-Options: nosniff
                                Set-Cookie: iamcsr=13e44fc8-fa5c-4a38-87c8-82d3a6e07f00;path=/;SameSite=None;Secure;priority=high
                                Set-Cookie: _zcsr_tmp=13e44fc8-fa5c-4a38-87c8-82d3a6e07f00;path=/;SameSite=Strict;Secure;priority=high
                                Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
                                Pragma: no-cache
                                Expires: Thu, 01 Jan 1970 00:00:00 GMT
                                X-Frame-Options: SAMEORIGIN
                                P3P: CP="CAO PSA OUR"
                                Set-Cookie: _scp_tmp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Secure; SameSite=None
                                Location: https://automationanywhere.okta.com/app/automationanywhere_ithelpdesk_1/exk3ez7zehmk8x48s2p7/sso/saml?SAMLRequest=fVLLbtswEPwVgXdLpCxbFmEZUGMUNZC2Ruz2kIvBSKuKsESqXMpx%2FPWlmCYwkMd1Zndmdsgliq7teTHYRt3B3wHQBueuVcg9kZPBKK4FSuRKdIDclnxXfL%2FlcUh5b7TVpW5JsFnn5JCy2Yxm85omGU2qmi4qqJL5dJY9sCSrU8bSKWWUkuA3GJRa5cSJuF3EATYKrVDWQTROJoxO4sWepnw655SFWRLfk%2BCrNiX4oDmpRYswrm4FojzBK7L9H%2BmLVJVUfz7P%2F%2FA8hPzbfr%2BdbH%2Fu9iQoEMFYl%2B5GKxw6MDswJ1nCr7vbnDTW9sijSJSlHpTF8KIbHZa6i8a2DGDvliASg9WdGEWEenpswMA4Q4K1a1cqT1xpvR3WRyu8quj7d%2FiDtA20fQV4PLAIzscpXNILNN1xcU4WGPdphKh9JF%2FISVZgfrjrc3Lv8pLVcqS4791cvfbnZYmXYsjq5epldCX0rNrz0Wiz3upWlk9B0bb68caAsM7cmgH8M7pzPvZiIfOIrCa1H%2BXQCdkWVeX6RRc%2BeuvzCl7%2F49U%2F&RelayState=aHR0cHM6Ly9pdGhlbHBkZXNrLmF1dG9tYXRpb25hbnl3aGVyZS5jb20vYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy8yNzc0NjAwMDA2NTIwMDI2MC9kZXRhaWxzX19JQU1fX1NEUE9uRGVtYW5kX19JQU1fX19fSUFNX19mYWxzZV9fSUFNX18%3D
                                Strict-Transport-Security: max-age=63072000


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                3 | 192.168.2.6 | 49730 | 13.107.246.60 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-10-28 07:36:03 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-10-28 07:36:03 UTC | 568 | IN | HTTP/1.1 200 OK
                                Date: Mon, 28 Oct 2024 07:36:03 GMT
                                Content-Type: text/plain
                                Content-Length: 218853
                                Connection: close
                                Vary: Accept-Encoding
                                Vary: Accept-Encoding
                                Vary: Accept-Encoding
                                Vary: Accept-Encoding
                                Cache-Control: public
                                Last-Modified: Sun, 27 Oct 2024 10:35:44 GMT
                                ETag: "0x8DCF6731CF80310"
                                x-ms-request-id: 89d6c6b8-201e-0033-2798-28b167000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241028T073603Z-15b8d89586fdmfsg1u7xrpfws000000008y0000000005qyf
                                x-fd-int-roxy-purgeid: 0
                                X-Cache-Info: L2_T2
                                X-Cache: TCP_REMOTE_HIT
                                Accept-Ranges: bytes


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.6 | 49728 | 13.248.165.67 | 443 | 4996 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-10-28 07:36:03 UTC | 1520 | OUT | GET /app/automationanywhere_ithelpdesk_1/exk3ez7zehmk8x48s2p7/sso/saml?SAMLRequest=fVLLbtswEPwVgXdLpCxbFmEZUGMUNZC2Ruz2kIvBSKuKsESqXMpx%2FPWlmCYwkMd1Zndmdsgliq7teTHYRt3B3wHQBueuVcg9kZPBKK4FSuRKdIDclnxXfL%2FlcUh5b7TVpW5JsFnn5JCy2Yxm85omGU2qmi4qqJL5dJY9sCSrU8bSKWWUkuA3GJRa5cSJuF3EATYKrVDWQTROJoxO4sWepnw655SFWRLfk%2BCrNiX4oDmpRYswrm4FojzBK7L9H%2BmLVJVUfz7P%2F%2FA8hPzbfr%2BdbH%2Fu9iQoEMFYl%2B5GKxw6MDswJ1nCr7vbnDTW9sijSJSlHpTF8KIbHZa6i8a2DGDvliASg9WdGEWEenpswMA4Q4K1a1cqT1xpvR3WRyu8quj7d%2FiDtA20fQV4PLAIzscpXNILNN1xcU4WGPdphKh9JF%2FISVZgfrjrc3Lv8pLVcqS4791cvfbnZYmXYsjq5epldCX0rNrz0Wiz3upWlk9B0bb68caAsM7cmgH8M7pzPvZiIfOIrCa1H%2BXQCdkWVeX6RRc%2BeuvzCl7%2F49U%2F&RelayState=aHR0cHM6Ly9pdGhlbHBkZXNrLmF1dG9tYXRpb25hbnl3aGVyZS5jb20vYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy8yNzc0NjAwMDA2NTIwMDI2MC9kZXRhaWxzX19JQU1fX1NEUE9uRGVtYW5kX19JQU1fX19fSUFNX19mYWxzZV9fSUFNX18%3D HTTP/1.1
                                Host: automationanywhere.okta.com
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-10-28 07:36:03 UTC | 4500 | IN | HTTP/1.1 200 OK
                                Date: Mon, 28 Oct 2024 07:36:03 GMT
                                Content-Type: text/html;charset=utf-8
                                Transfer-Encoding: chunked
                                Connection: close
                                Server: nginx
                                Vary: Accept-Encoding
                                x-okta-request-id: 1ea47a46299eb49e80102ec2ba436b4a
                                x-xss-protection: 0
                                p3p: CP="HONK"
                                set-cookie: xids="";Version=1;Path=/;Max-Age=0
                                content-security-policy-report-only: default-src 'self' automationanywhere.okta.com *.oktacdn.com; connect-src 'self' automationanywhere.okta.com automationanywhere-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com automationanywhere.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'nonce-Rqo9lD4yMtv0fwPL91bCzw' 'unsafe-eval' 'self' 'report-sample' automationanywhe [TRUNCATED]
                                content-security-policy: default-src 'self' automationanywhere.okta.com *.oktacdn.com; connect-src 'self' automationanywhere.okta.com automationanywhere-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com automationanywhere.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' automationanywhere.okta.com *.oktacdn.com; style-src 'unsaf [TRUNCATED]
                                x-rate-limit-limit: 750
                                x-rate-limit-remaining: 749
                                x-rate-limit-reset: 1730101023
                                referrer-policy: strict-origin-when-cross-origin
                                accept-ch: Sec-CH-UA-Platform-Version
                                cache-control: no-cache, no-store
                                pragma: no-cache
                                expires: 0
                                set-cookie: sid="";Version=1;Path=/;Max-Age=0
                                set-cookie: autolaunch_triggered=""; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/
                                set-cookie: activate_ca_modal_triggered=""; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/
                                set-cookie: JSESSIONID=FDA37EE175411A44AC964E71264A30E0; Path=/; Secure; HttpOnly
                                set-cookie: t=""; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/
                                set-cookie: DT=DI1xilJgciFQtiXvrCZ_ut5jw;Version=1;Path=/;Max-Age=63072000;Secure;Expires=Wed, 28 Oct 2026 07:36:03 GMT;HttpOnly;SameSite=None
                                x-frame-options: SAMEORIGIN
                                x-content-type-options: nosniff
                                x-ua-compatible: IE=edge
                                content-language: en
                                Strict-Transport-Security: max-age=315360000; includeSubDomains
                                X-Robots-Tag: noindex,nofollow


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.6 | 49734 | 13.248.165.67 | 443 | 4996 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-10-28 07:36:04 UTC | 1684 | OUT | GET /api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=abc4780733b2999dc5536ea4bf18a7237d32beafe91e2f7611b8af3ecb8ae0d0dfb208992a3b1ecefd0c0f9333f4b59d HTTP/1.1
                                Host: automationanywhere.okta.com
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-platform-version: "10.0.0"
                                sec-ch-ua-mobile: ?0
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                Accept: text/css,*/*;q=0.1
                                Sec-Fetch-Site: same-origin
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: style
                                Referer: https://automationanywhere.okta.com/app/automationanywhere_ithelpdesk_1/exk3ez7zehmk8x48s2p7/sso/saml?SAMLRequest=fVLLbtswEPwVgXdLpCxbFmEZUGMUNZC2Ruz2kIvBSKuKsESqXMpx%2FPWlmCYwkMd1Zndmdsgliq7teTHYRt3B3wHQBueuVcg9kZPBKK4FSuRKdIDclnxXfL%2FlcUh5b7TVpW5JsFnn5JCy2Yxm85omGU2qmi4qqJL5dJY9sCSrU8bSKWWUkuA3GJRa5cSJuF3EATYKrVDWQTROJoxO4sWepnw655SFWRLfk%2BCrNiX4oDmpRYswrm4FojzBK7L9H%2BmLVJVUfz7P%2F%2FA8hPzbfr%2BdbH%2Fu9iQoEMFYl%2B5GKxw6MDswJ1nCr7vbnDTW9sijSJSlHpTF8KIbHZa6i8a2DGDvliASg9WdGEWEenpswMA4Q4K1a1cqT1xpvR3WRyu8quj7d%2FiDtA20fQV4PLAIzscpXNILNN1xcU4WGPdphKh9JF%2FISVZgfrjrc3Lv8pLVcqS4791cvfbnZYmXYsjq5epldCX0rNrz0Wiz3upWlk9B0bb68caAsM7cmgH8M7pzPvZiIfOIrCa1H%2BXQCdkWVeX6RRc%2BeuvzCl7%2F49U%2F&RelayState=aHR0cHM6Ly9pdGhlbHBkZXNrLmF1dG9tYXRpb25hbnl3aGVyZS5jb20vYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy8yNzc0NjAwMDA2NTIwMDI2MC9kZXRhaWxzX19JQU1fX1NEUE9uRGVtYW5kX19JQU1fX19fSUFNX19mYWxzZV9fSUFNX18%3D
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                Cookie: JSESSIONID=FDA37EE175411A44AC964E71264A30E0; DT=DI1xilJgciFQtiXvrCZ_ut5jw
                                2024-10-28 07:36:04 UTC | 2555 | IN | HTTP/1.1 200 OK
                                Date: Mon, 28 Oct 2024 07:36:04 GMT
                                Content-Type: text/css
                                Content-Length: 556
                                Connection: close
                                Server: nginx
                                Vary: Accept-Encoding
                                x-okta-request-id: 0f94120e90f7366212150bd47fcc2ca5
                                x-xss-protection: 0
                                p3p: CP="HONK"
                                set-cookie: sid="";Version=1;Path=/;Max-Age=0
                                set-cookie: xids="";Version=1;Path=/;Max-Age=0
                                set-cookie: autolaunch_triggered=""; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/
                                set-cookie: activate_ca_modal_triggered=""; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/
                                content-security-policy: default-src 'self' automationanywhere.okta.com *.oktacdn.com; connect-src 'self' automationanywhere.okta.com automationanywhere-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com automationanywhere.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' automationanywhere.okta.com *.oktacdn.com; style-src 'unsaf [TRUNCATED]
                                x-rate-limit-limit: 2400
                                x-rate-limit-remaining: 2394
                                x-rate-limit-reset: 1730100971
                                set-cookie: JSESSIONID=A7CDE4AA7CA38E344464BACCD7A20BB9; Path=/; Secure; HttpOnly
                                referrer-policy: strict-origin-when-cross-origin
                                accept-ch: Sec-CH-UA-Platform-Version
                                cache-control: max-age=31536000, must-revalidate
                                expires: Tue, 28 Oct 2025 07:36:04 GMT
                                x-content-type-options: nosniff
                                Strict-Transport-Security: max-age=315360000; includeSubDomains
                                Data Ascii: .tb--background { background-color: #ebebed !important;}.tb--button,.button-primary { background: #1662dd !important; border-color: #1662dd !important; color: #ffffff !important;}.tb--button:hover,.button-primary:hover {


                                Session ID    Source IP    Source Port    Destination IP    Destination Port
                                6    192.168.2.6    49753    13.107.246.60    443
                                Timestamp    Bytes transferred    Direction    Data
                                2024-10-28 07:36:05 UTC    192    OUT    GET /rules/rule120609v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-10-28 07:36:06 UTC    470    IN    HTTP/1.1 200 OK
                                Date: Mon, 28 Oct 2024 07:36:05 GMT
                                Content-Type: text/xml
                                Content-Length: 408
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                ETag: "0x8DC582BB56D3AFB"
                                x-ms-request-id: 11ae3112-301e-005d-596b-27e448000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241028T073605Z-16849878b78qf2gleqhwczd21s000000050g000000000swz
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-10-28 07:36:06 UTC    408    IN    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                7    192.168.2.6    49766    13.248.165.67    443    4996    C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp    Bytes transferred    Direction    Data
                                2024-10-28 07:36:05 UTC    1581    OUT    GET /favicon.ico HTTP/1.1
                                Host: automationanywhere.okta.com
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-platform-version: "10.0.0"
                                sec-ch-ua-mobile: ?0
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                Sec-Fetch-Site: same-origin
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Referer: https://automationanywhere.okta.com/app/automationanywhere_ithelpdesk_1/exk3ez7zehmk8x48s2p7/sso/saml?SAMLRequest=fVLLbtswEPwVgXdLpCxbFmEZUGMUNZC2Ruz2kIvBSKuKsESqXMpx%2FPWlmCYwkMd1Zndmdsgliq7teTHYRt3B3wHQBueuVcg9kZPBKK4FSuRKdIDclnxXfL%2FlcUh5b7TVpW5JsFnn5JCy2Yxm85omGU2qmi4qqJL5dJY9sCSrU8bSKWWUkuA3GJRa5cSJuF3EATYKrVDWQTROJoxO4sWepnw655SFWRLfk%2BCrNiX4oDmpRYswrm4FojzBK7L9H%2BmLVJVUfz7P%2F%2FA8hPzbfr%2BdbH%2Fu9iQoEMFYl%2B5GKxw6MDswJ1nCr7vbnDTW9sijSJSlHpTF8KIbHZa6i8a2DGDvliASg9WdGEWEenpswMA4Q4K1a1cqT1xpvR3WRyu8quj7d%2FiDtA20fQV4PLAIzscpXNILNN1xcU4WGPdphKh9JF%2FISVZgfrjrc3Lv8pLVcqS4791cvfbnZYmXYsjq5epldCX0rNrz0Wiz3upWlk9B0bb68caAsM7cmgH8M7pzPvZiIfOIrCa1H%2BXQCdkWVeX6RRc%2BeuvzCl7%2F49U%2F&RelayState=aHR0cHM6Ly9pdGhlbHBkZXNrLmF1dG9tYXRpb25hbnl3aGVyZS5jb20vYXBwL2l0ZGVzay91aS9yZXF1ZXN0cy8yNzc0NjAwMDA2NTIwMDI2MC9kZXRhaWxzX19JQU1fX1NEUE9uRGVtYW5kX19JQU1fX19fSUFNX19mYWxzZV9fSUFNX18%3D
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                Cookie: DT=DI1xilJgciFQtiXvrCZ_ut5jw; JSESSIONID=A7CDE4AA7CA38E344464BACCD7A20BB9
                                2024-10-28 07:36:06 UTC    368    IN    HTTP/1.1 200 OK
                                Date: Mon, 28 Oct 2024 07:36:06 GMT
                                Content-Type: image/x-icon
                                Content-Length: 5430
                                Connection: close
                                Server: nginx
                                accept-ranges: bytes
                                etag: W/"5430-1729274500000"
                                last-modified: Fri, 18 Oct 2024 18:01:40 GMT
                                x-content-type-options: nosniff
                                Strict-Transport-Security: max-age=315360000; includeSubDomains
                                X-Robots-Tag: noindex,nofollow
                                2024-10-28 07:36:06 UTC    5430    IN


                                Session ID    Source IP    Source Port    Destination IP    Destination Port
                                8    192.168.2.6    49769    13.107.246.60    443
                                Timestamp    Bytes transferred    Direction    Data
                                2024-10-28 07:36:05 UTC    192    OUT    GET /rules/rule120614v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-10-28 07:36:06 UTC    491    IN    HTTP/1.1 200 OK
                                Date: Mon, 28 Oct 2024 07:36:06 GMT
                                Content-Type: text/xml
                                Content-Length: 467
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                ETag: "0x8DC582BA6C038BC"
                                x-ms-request-id: bebabdad-901e-0029-5d45-28274a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241028T073605Z-r197bdfb6b47gqdjqh2kwsuz8c000000056g000000001qhu
                                x-fd-int-roxy-purgeid: 0
                                X-Cache-Info: L1_T2
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-10-28 07:36:06 UTC    467    IN    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID    Source IP    Source Port    Destination IP    Destination Port
                                9    192.168.2.6    49760    13.107.246.60    443
                                Timestamp    Bytes transferred    Direction    Data
                                2024-10-28 07:36:06 UTC    192    OUT    GET /rules/rule120612v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-10-28 07:36:06 UTC    470    IN    HTTP/1.1 200 OK
                                Date: Mon, 28 Oct 2024 07:36:06 GMT
                                Content-Type: text/xml
                                Content-Length: 471
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                ETag: "0x8DC582BB10C598B"
                                x-ms-request-id: d919e2dc-e01e-001f-153d-261633000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241028T073606Z-17c5cb586f66g7mvbfuqdb2m3n00000004x000000000129k
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-10-28 07:36:06 UTC    471    IN    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID    Source IP    Source Port    Destination IP    Destination Port
                                10    192.168.2.6    49770    13.107.246.60    443
                                Timestamp    Bytes transferred    Direction    Data
                                2024-10-28 07:36:06 UTC    192    OUT    GET /rules/rule120600v4s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-10-28 07:36:06 UTC    563    IN    HTTP/1.1 200 OK
                                Date: Mon, 28 Oct 2024 07:36:06 GMT
                                Content-Type: text/xml
                                Content-Length: 2980
                                Connection: close
                                Vary: Accept-Encoding
                                Vary: Accept-Encoding
                                Vary: Accept-Encoding
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                ETag: "0x8DC582BA80D96A1"
                                x-ms-request-id: 1a9c8bfd-301e-0000-1fee-25eecc000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241028T073606Z-15b8d89586fhl2qtatrz3vfkf00000000as0000000002vdt
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-10-28 07:36:06 UTC    2980    IN    Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"



                                Target ID:0
                                Start time:03:35:53
                                Start date:28/10/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                Imagebase:0x7ff684c40000
                                File size:3'242'272 bytes
                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:false

                                Target ID:2
                                Start time:03:35:55
                                Start date:28/10/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2216,i,14187799758207872673,14442970336596630755,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                Imagebase:0x7ff684c40000
                                File size:3'242'272 bytes
                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:false

                                Target ID:3
                                Start time:03:35:57
                                Start date:28/10/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ithelpdesk.automationanywhere.com/app/itdesk/ui/requests/27746000065200260/details"
                                Imagebase:0x7ff684c40000
                                File size:3'242'272 bytes
                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                No disassembly