Edit tour

Windows Analysis Report
https://link.id.vn/GrONN

Overview

General Information

Sample URL:	https://link.id.vn/GrONN
Analysis ID:	1428563
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body with high number of large embedded background images detected

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://link.id.vn/GrONN MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,2914826928353280511,12430040426356834393,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://tieungaovolam.top/lpatanawebroundcbe2/?offer_apis_key=21c1aw9pplLkDDw%20InsideBusiness%2016_04_2024%2019_12_27

HTTP Parser: Total embedded background img size: 754395

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /GrONN HTTP/1.1Host: link.id.vnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lpatanawebroundcbe2/?offer_apis_key=21c1aw9pplLkDDw%20InsideBusiness%2016_04_2024%2019_12_27 HTTP/1.1Host: tieungaovolam.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sYs12cpdAgMpO2B&MD=V7HTNmUN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sYs12cpdAgMpO2B&MD=V7HTNmUN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_57.1.dr	String found in binary or memory: <noscript><img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=274483184077389&ev=PageView&noscript=1"></noscript> equals www.facebook.com (Facebook)
Source: chromecache_57.1.dr	String found in binary or memory: ber die Facebook-Plattform www.facebook.com zugegriffen werden. Facebook ist in keinem Fall f equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: link.id.vn

Source: chromecache_57.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_57.1.dr	String found in binary or memory: https://animate.style/
Source: chromecache_57.1.dr	String found in binary or memory: https://avenidaconsumo.com/about/privacy
Source: chromecache_57.1.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_57.1.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_57.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_57.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_57.1.dr	String found in binary or memory: https://singingfiles.com/show.php?l=0&u=2034900&id=49804
Source: chromecache_57.1.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-P645S3F

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@15/10@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://link.id.vn/GrONN
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,2914826928353280511,12430040426356834393,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,2914826928353280511,12430040426356834393,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://link.id.vn/GrONN	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://animate.style/	0%	URL Reputation	safe
https://avenidaconsumo.com/about/privacy	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
tieungaovolam.top	103.200.23.120	true	false	unknown
link.id.vn	101.99.3.118	true	false	unknown
www.google.com	142.250.105.147	true	false	high

Contacted URLs

Name	Malicious	Reputation
https://tieungaovolam.top/lpatanawebroundcbe2/?offer_apis_key=21c1aw9pplLkDDw%20InsideBusiness%2016_04_2024%2019_12_27	false	unknown
https://link.id.vn/GrONN	false	unknown
about:blank	false	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fontawesome.com	chromecache_57.1.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_57.1.dr	false		high
https://avenidaconsumo.com/about/privacy	chromecache_57.1.dr	false	0%, Virustotal, Browse	unknown
http://opensource.org/licenses/MIT	chromecache_57.1.dr	false		high
https://animate.style/	chromecache_57.1.dr	false	URL Reputation: safe	unknown
https://getbootstrap.com/)	chromecache_57.1.dr	false		high
https://singingfiles.com/show.php?l=0&u=2034900&id=49804	chromecache_57.1.dr	false		unknown
https://fontawesome.com/license/free	chromecache_57.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
103.200.23.120	tieungaovolam.top	Viet Nam	135905	VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
101.99.3.118	link.id.vn	Viet Nam	38732	CMCTELECOM-AS-VNCMCTelecomInfrastructureCompanyVN	false
142.250.105.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428563
Start date and time:	2024-04-19 08:21:48 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://link.id.vn/GrONN
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@15/10@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.177.94, 64.233.185.138, 64.233.185.113, 64.233.185.102, 64.233.185.101, 64.233.185.139, 64.233.185.100, 74.125.138.84, 34.104.35.123, 74.125.136.95, 142.250.105.95, 142.251.15.95, 172.217.215.95, 172.253.124.95, 64.233.176.95, 173.194.219.95, 64.233.185.95, 142.250.9.95, 74.125.138.95, 64.233.177.95, 108.177.122.95, 64.233.176.94, 64.233.177.101, 64.233.177.139, 64.233.177.100, 64.233.177.138, 64.233.177.102, 64.233.177.113
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.986245490794634
Encrypted:	false
SSDEEP:	48:8XdATk8IHPAidAKZdA1FehwiZUklqehHMy+3:8CPzmMy
MD5:	626FF29364A8DAFDB25625E7A9ACFD80
SHA1:	EF2B7CB4420209168531EFCEFD69E092D2C4C7BF
SHA-256:	635F503DBE6417C919E2C30B5E1FBF0C8C90E245E6C7B8EDD42CCFABA74E6370
SHA-512:	6A5B7EFED3D7134CA7F337F8FBF21D136E2DA8920FB8CE337B1B390ADD48944882091E7173EA3D9FD8300D6ED355BEF0BA11020992C2BB16B1EBF25950C96299
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....y...!...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.2....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.004581062514969
Encrypted:	false
SSDEEP:	48:8YdATk8IHPAidAKZdA1seh/iZUkAQkqehWMy+2:83Pd9QBMy
MD5:	7F3608CF8AFAF5E9490529F5E7A8E753
SHA1:	EA78E8762D1CFCC81AD05EDFA8B25DCC0B803389
SHA-256:	E334FD6F55A8CCF202B92C019E08B2A21309649E650CF0DB7BD567B8652D18DB
SHA-512:	93975B35596E6A4EEBAA3F5CF91BCBE0F42988864DC295B0B331AA7B4CD873DC499E429BA510045EB02C8A32D8A4F46773FF787C51894776E04E423FDD17FFFF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....}5..!...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.2....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.009335109373197
Encrypted:	false
SSDEEP:	48:8AdATk8AHPAidAKZdA14meh7sFiZUkmgqeh7sgMy+BX:8PPZnqMy
MD5:	658251A32400982021E841624DB904A1
SHA1:	BAFBD5909E56E50025C93A7CFAF02208145AAC7D
SHA-256:	65070B52D7945D7F1E1642E8F318595AB5A7FDA01FD4C1C8F3D282CF2FCC2A7B
SHA-512:	A28CF3F0B4B984E1A71D10366A6791FF6B668F5531625439FF4E8F812DB36827BD3D2551DF9B0443C6060F158C81A2825A1DD925323E27BCD5C17175F9A4553C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.2....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.001002382161717
Encrypted:	false
SSDEEP:	48:8HdATk8IHPAidAKZdA1TehDiZUkwqehyMy+R:8SPuIMy
MD5:	8B1A0B618DE1170F132ADBE16F70F7D9
SHA1:	C9ECCE5C16A90653B6D4696C28D48FE2A99E3A66
SHA-256:	6F1B33148052090CB0860AADECAFCEF1C6D74E74D6DFF69BF1BC88010A9085C1
SHA-512:	D5B81ED3ABF6A5FFC1BEF1E2558EEF674BB317BBBBD4C5161274B67DF11EA75DACCE686CB9D86E61C8F71FB23CDF15CD95784FDEA8EDBCE444B2348FA3EADFD4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........!...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.2....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.989338172301008
Encrypted:	false
SSDEEP:	48:8bdATk8IHPAidAKZdA1dehBiZUk1W1qeh0My+C:8mP+9UMy
MD5:	6A55BDEC9E6AF4FEE547C18AC79AA764
SHA1:	5D17E0860C6FB84A3A4CE69785E2BD98658F3DB5
SHA-256:	6EBA198B4590E80E6E9027B5DDBE1F59C9B8AF206A413E890D45F97FE5A9BD98
SHA-512:	5E1240EAEF1E40AB163E5C51634B1257E78B0D41E7EC22258007595D070246525BA15F3064236EB6D402A9F7DCF9D8B58188D511AC93804D18817788442F4A3B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....O..!...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.2....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 05:22:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.002391413718334
Encrypted:	false
SSDEEP:	48:8XedATk8IHPAidAKZdA1duTeehOuTbbiZUk5OjqehOuTbqMy+yT+:8lP0TfTbxWOvTbqMy7T
MD5:	88B144F8E79A9443B63DB3FF02952C7A
SHA1:	ED9FE475DB509E7B0C6C443DAF6F6464D18C6212
SHA-256:	BBAEB699597BA1E65CF5387960EE8B01F07D2B921B598F8577C6E3C3692EDDCC
SHA-512:	CA4C653C1CDB0CAD08EC68C386AF5D42D9D5FAC27E4C1DA049526DDC9783CD44FF763B6A44F41D4598957631A70A0FA16848E10CEF888A6855385DCC157769EB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....}..!...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.2....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.2....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.2....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.2..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.2...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............u~......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.625
Encrypted:	false
SSDEEP:	3:HfTORnYn:qRnY
MD5:	9B5719B531993D7EEF5EB4C692F2238C
SHA1:	9C9A21624C975F0741B743348DE85A09FDA7E669
SHA-256:	27008C4818CC0695B1496B0E8026DDFB7999C7FA066F78C61A76AF0FFECEF4BF
SHA-512:	39CC9DC2E4DACFA6D1D7E23759ED7FB13C3111992BCA5DAA97CE1ADB37205056118FC1105D85E38B8E902A2F8CD68656AD36D53642DE60368E054BE86942BBA8
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkn8nlQUilJCxIFDVALr7A=?alt=proto
Preview:	CgkKBw1QC6+wGgA=

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (58373)
Category:	downloaded
Size (bytes):	1251850
Entropy (8bit):	6.068234298881708
Encrypted:	false
SSDEEP:	24576:h9AEPd71sejxej4PW8SI1ji4GS3EaAYsSYwcqF7OMqfuLNCDDQt:3selesPb7exSYwcqE5mZCfQt
MD5:	A50844D74E530F46433F94ECA3D7C899
SHA1:	AF958BCA36089D98B229B412A6D680CAB6161AE1
SHA-256:	1DCB494245C0E2F3E6CC117AE33181EDA6CE424B209FA79EA011D6BDB1D9AFEF
SHA-512:	71A1E5AA35119D8F4709141BA04C32F31C2CF82484D29C60B7CF1081B71B0E656E642410E26FB3D402D06D48EC29C9177521F09AFDB3678EC0024F08B1815D8B
Malicious:	false
Reputation:	low
URL:	https://tieungaovolam.top/lpatanawebroundcbe2/?offer_apis_key=21c1aw9pplLkDDw%20InsideBusiness%2016_04_2024%2019_12_27
Preview:	<!DOCTYPE html> <html lang=de class=translated-ltr style>.<meta charset=utf-8>.<meta http-equiv=X-UA-Compatible content="IE=edge">.<meta name=viewport content="width=device-width, initial-scale=1">.<meta name=theme-color content=#ea0e63>.<title>Consumption Avenue: </title>.<style>/!. Bootstrap v4.3.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacS

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 08:22:18.510694027 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:18.510719061 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:18.510807037 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:18.511018991 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:18.511033058 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:18.511411905 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:18.511468887 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:18.511543036 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:18.511725903 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:18.511756897 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.271570921 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.271950006 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.271964073 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.273616076 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.273714066 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.274467945 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.274558067 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.274645090 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.274652958 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.278893948 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.279167891 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.279205084 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.280675888 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.280756950 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.281393051 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.281522036 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.316720963 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.332704067 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:19.332739115 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:19.380822897 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:20.127674103 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:20.127770901 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:20.127847910 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:20.129952908 CEST	49701	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:22:20.129965067 CEST	443	49701	101.99.3.118	192.168.2.16
Apr 19, 2024 08:22:21.103199959 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:21.103230953 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:21.103312969 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:21.103527069 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:21.103535891 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:21.219248056 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 08:22:21.522027016 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 08:22:22.127896070 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 08:22:22.291184902 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:22.291495085 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:22.291506052 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:22.293087006 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:22.293170929 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:22.294285059 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:22.294369936 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:22.294476986 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:22.294482946 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:22.336028099 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:22.441440105 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:22.441464901 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:22.441551924 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:22.441771030 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:22.441782951 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:22.662031889 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:22.662336111 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:22.662352085 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:22.663788080 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:22.663865089 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:22.664911032 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:22.665003061 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:22.717655897 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:22.717675924 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:22.764866114 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:23.096728086 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.144737005 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:23.329631090 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 08:22:23.478610992 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.478624105 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.478698015 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.478753090 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.478792906 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.478828907 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:23.478838921 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.478878975 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:23.478921890 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:23.882647038 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.882666111 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.882688999 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.882750988 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:23.882765055 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.882808924 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:23.882850885 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:23.882924080 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.882944107 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.883090973 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:23.883148909 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:23.883233070 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.280038118 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280055046 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280150890 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280175924 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.280189037 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280240059 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.280334949 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280355930 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280400038 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.280405045 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280431032 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.280469894 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.280608892 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280627012 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280683041 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.280688047 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.280718088 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.280740023 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.661984921 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.661998987 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.662048101 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.662082911 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.662092924 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.662153959 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.662455082 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.662478924 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.662534952 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.662543058 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.662553072 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.662602901 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.663000107 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663036108 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663068056 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.663074970 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663100958 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.663124084 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.663419008 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663439989 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663497925 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.663503885 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663547039 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.663779020 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663799047 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663856983 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.663861990 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.663892984 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.663930893 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.664278030 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.664297104 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.664355993 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.664361000 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.664405107 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.664633989 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.664654016 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.664721012 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:24.664726973 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:24.664777994 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.066416025 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.066441059 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.066636086 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.066643953 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.066761017 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.066775084 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.066780090 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.066812038 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.066845894 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.066850901 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.066899061 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.067332983 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.067353964 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.067423105 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.067430019 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.067487001 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.067825079 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.067848921 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.067914963 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.067919970 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.067980051 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.068538904 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.068557978 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.068627119 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.068633080 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.068675041 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.069154978 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.069174051 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.069236994 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.069242001 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.069274902 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.069304943 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.069803953 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.069823980 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.069871902 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.069875956 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.069925070 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.070415974 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.070440054 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.070503950 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.070508957 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.070583105 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.462064028 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.462095022 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.462188005 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.462196112 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.462256908 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.462960958 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.463001966 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.463051081 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.463057041 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.463095903 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.463124037 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.463921070 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.463939905 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.464015007 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.464020967 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.464067936 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.464907885 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.464926958 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.464992046 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.464998007 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.465054035 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.465800047 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.465817928 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.465888977 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.465893984 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.465953112 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.466701984 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.466721058 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.466784000 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.466794968 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.466849089 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.467700005 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.467715025 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.467788935 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.467792988 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.467844963 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.468589067 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.468602896 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.468679905 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.468683004 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.468729019 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.469592094 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.469604969 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.469672918 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.469676971 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.469719887 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.740607977 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 08:22:25.844199896 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.844223022 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.844311953 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.844321966 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.844522953 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.845164061 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.845177889 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.845278025 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.845280886 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.845352888 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.846232891 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.846250057 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.846345901 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.846349955 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.846404076 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.847250938 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.847265959 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.847346067 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.847349882 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.847395897 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.848191023 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.848205090 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.848272085 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.848275900 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.848330021 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.849201918 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.849217892 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.849293947 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.849298954 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.849337101 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.850270033 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.850286007 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.850358009 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.850362062 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.850409031 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.851449966 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.851464033 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.851541042 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:25.851545095 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:25.851605892 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.250807047 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.250818014 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.250906944 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.250961065 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.250969887 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.251008034 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.251034021 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.251594067 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.251616955 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.251677036 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.251681089 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.251717091 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.252475977 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.252490997 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.252589941 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.252593994 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.252644062 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.253671885 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.253688097 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.253751040 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.253756046 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.253814936 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.254781008 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.254796028 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.254863977 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.254868031 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.254910946 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.255750895 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.255768061 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.255836964 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.255841017 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.255916119 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.256678104 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.256692886 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.256761074 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.256764889 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.256830931 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.257817984 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.257833958 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.257905960 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.257909060 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.257957935 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.258933067 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.258949995 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.259001017 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.259005070 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.259063005 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.259637117 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.259651899 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.259726048 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.259731054 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.259784937 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.630302906 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.630315065 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.630393982 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.630419970 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.630428076 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.630490065 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.630886078 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.630899906 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.630971909 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.630975962 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.631016016 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.631699085 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.631711960 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.631788969 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.631793022 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.631836891 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.632620096 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.632638931 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.632718086 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.632721901 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.632776022 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.633291006 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.633305073 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.633421898 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.633424997 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.633469105 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.633925915 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.633940935 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.634028912 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.634032011 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.634074926 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.634594917 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.634610891 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.634676933 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.634680986 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.634720087 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.635490894 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.635504961 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.635622025 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.635626078 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.635662079 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.636322021 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.636336088 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.636416912 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:26.636421919 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:26.636456966 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.002062082 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.002074003 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.002125978 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.002266884 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.002266884 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.002278090 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.002336025 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.002443075 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.002459049 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.002527952 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.002533913 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.002588034 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.003196001 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.003210068 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.003278017 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.003282070 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.003329992 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.003732920 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.003746986 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.003813982 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.003818035 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.003864050 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.004780054 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.004795074 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.004863977 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.004868031 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.004919052 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.006534100 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.006577969 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.006661892 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.006669044 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.006720066 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.007086992 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007103920 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007131100 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007180929 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.007184029 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007216930 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.007386923 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007405996 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007446051 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.007450104 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007488966 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.007514954 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.007863045 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007880926 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007952929 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.007956982 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.007992983 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.008733034 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.008748055 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.008815050 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.008821964 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.008877039 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.009584904 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.009603977 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.009671926 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.009675980 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.009715080 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.395900011 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.395922899 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.396050930 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.396059990 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.396114111 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.396511078 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.396526098 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.396603107 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.396608114 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.396658897 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.396971941 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.396984100 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.397039890 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.397043943 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.397088051 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.398305893 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.398320913 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.398403883 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.398407936 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.398490906 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.398825884 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.398842096 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.398909092 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.398912907 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.398957014 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.400412083 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.400425911 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.400510073 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.400515079 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.400590897 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.400918961 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.400933027 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.400994062 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.400998116 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.401038885 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.401509047 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.401525021 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.401614904 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.401618958 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.401664972 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.401690960 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.401745081 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.401748896 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.401779890 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.401793003 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.401834011 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.402056932 CEST	49704	443	192.168.2.16	103.200.23.120
Apr 19, 2024 08:22:27.402070045 CEST	443	49704	103.200.23.120	192.168.2.16
Apr 19, 2024 08:22:27.624674082 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:27.624771118 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:27.624881983 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:27.627458096 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:27.627491951 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:27.846584082 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:27.846718073 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:27.886213064 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:27.886231899 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:27.886625051 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:27.940660954 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:27.944171906 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:27.988157988 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.049490929 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.049556017 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.049626112 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.049779892 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.049810886 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.049841881 CEST	49709	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.049859047 CEST	443	49709	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.088881016 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.088918924 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.089044094 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.089396000 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.089407921 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.303607941 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.303709030 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.306255102 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.306278944 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.306643009 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.308263063 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.352134943 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.510113955 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.510160923 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.510498047 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.515362978 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.515393019 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:28.515405893 CEST	49711	443	192.168.2.16	23.63.206.91
Apr 19, 2024 08:22:28.515414000 CEST	443	49711	23.63.206.91	192.168.2.16
Apr 19, 2024 08:22:29.377358913 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 08:22:29.678769112 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 08:22:30.293651104 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 08:22:30.541388035 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 08:22:30.826598883 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:30.826679945 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:30.826790094 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:30.828282118 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:30.828316927 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.217855930 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.218059063 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.221738100 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.221765995 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.221996069 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.277684927 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.296988964 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.344163895 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.499593019 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 08:22:31.564551115 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564572096 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564578056 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564646959 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564692020 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564713001 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564738035 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.564738035 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.564774036 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564795017 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564830065 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.564831018 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.564853907 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.564866066 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564891100 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.564963102 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.580079079 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.580128908 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:31.580169916 CEST	49713	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:22:31.580183983 CEST	443	49713	20.12.23.50	192.168.2.16
Apr 19, 2024 08:22:32.656635046 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:32.656718016 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:32.656898975 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:33.716370106 CEST	49705	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:22:33.716403961 CEST	443	49705	142.250.105.147	192.168.2.16
Apr 19, 2024 08:22:33.842740059 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 08:22:33.905558109 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 08:22:34.145570993 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 08:22:34.753570080 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 08:22:35.968592882 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 08:22:38.379569054 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 08:22:38.714581013 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 08:22:40.150551081 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 19, 2024 08:22:43.186690092 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 08:22:48.321594954 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 19, 2024 08:22:52.793586969 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 19, 2024 08:23:04.345647097 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:23:04.345701933 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:23:06.437843084 CEST	49696	80	192.168.2.16	199.232.210.172
Apr 19, 2024 08:23:06.542206049 CEST	80	49696	199.232.210.172	192.168.2.16
Apr 19, 2024 08:23:06.542270899 CEST	80	49696	199.232.210.172	192.168.2.16
Apr 19, 2024 08:23:06.542510033 CEST	49696	80	192.168.2.16	199.232.210.172
Apr 19, 2024 08:23:07.967858076 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:07.967896938 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:07.968003988 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:07.968434095 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:07.968451023 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.350394964 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.350492001 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:08.352330923 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:08.352359056 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.352691889 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.354598045 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:08.400121927 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.705064058 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.705091953 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.705111027 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.705213070 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:08.705250978 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.705282927 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.705358028 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:08.708079100 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:08.708096027 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:08.708115101 CEST	49714	443	192.168.2.16	20.12.23.50
Apr 19, 2024 08:23:08.708122015 CEST	443	49714	20.12.23.50	192.168.2.16
Apr 19, 2024 08:23:19.718955994 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:23:19.719326019 CEST	443	49702	101.99.3.118	192.168.2.16
Apr 19, 2024 08:23:19.719450951 CEST	49702	443	192.168.2.16	101.99.3.118
Apr 19, 2024 08:23:22.388880014 CEST	49716	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:23:22.388966084 CEST	443	49716	142.250.105.147	192.168.2.16
Apr 19, 2024 08:23:22.389089108 CEST	49716	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:23:22.389434099 CEST	49716	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:23:22.389471054 CEST	443	49716	142.250.105.147	192.168.2.16
Apr 19, 2024 08:23:22.608814955 CEST	443	49716	142.250.105.147	192.168.2.16
Apr 19, 2024 08:23:22.609225035 CEST	49716	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:23:22.609267950 CEST	443	49716	142.250.105.147	192.168.2.16
Apr 19, 2024 08:23:22.610364914 CEST	443	49716	142.250.105.147	192.168.2.16
Apr 19, 2024 08:23:22.610795021 CEST	49716	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:23:22.610882044 CEST	443	49716	142.250.105.147	192.168.2.16
Apr 19, 2024 08:23:22.659449100 CEST	49716	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:23:23.026542902 CEST	49688	443	192.168.2.16	13.107.21.200
Apr 19, 2024 08:23:32.670840025 CEST	443	49716	142.250.105.147	192.168.2.16
Apr 19, 2024 08:23:32.670979023 CEST	443	49716	142.250.105.147	192.168.2.16
Apr 19, 2024 08:23:32.671040058 CEST	49716	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:23:33.718301058 CEST	49716	443	192.168.2.16	142.250.105.147
Apr 19, 2024 08:23:33.718329906 CEST	443	49716	142.250.105.147	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 08:22:17.578980923 CEST	63709	53	192.168.2.16	1.1.1.1
Apr 19, 2024 08:22:17.579477072 CEST	58053	53	192.168.2.16	1.1.1.1
Apr 19, 2024 08:22:17.675640106 CEST	53	59683	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:17.720263004 CEST	53	52994	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:18.313215971 CEST	53	52011	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:18.504410982 CEST	53	63709	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:18.510221958 CEST	53	58053	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:20.131511927 CEST	63467	53	192.168.2.16	1.1.1.1
Apr 19, 2024 08:22:20.131838083 CEST	60310	53	192.168.2.16	1.1.1.1
Apr 19, 2024 08:22:20.467945099 CEST	53	60310	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:21.102258921 CEST	53	63467	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:22.335983992 CEST	50893	53	192.168.2.16	1.1.1.1
Apr 19, 2024 08:22:22.336277008 CEST	56242	53	192.168.2.16	1.1.1.1
Apr 19, 2024 08:22:22.440213919 CEST	53	50893	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:22.440408945 CEST	53	56242	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:27.706712008 CEST	53	54655	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:35.227437973 CEST	53	53907	1.1.1.1	192.168.2.16
Apr 19, 2024 08:22:54.131728888 CEST	53	58290	1.1.1.1	192.168.2.16
Apr 19, 2024 08:23:16.979351044 CEST	53	56773	1.1.1.1	192.168.2.16
Apr 19, 2024 08:23:17.588293076 CEST	53	59773	1.1.1.1	192.168.2.16
Apr 19, 2024 08:23:25.550220966 CEST	138	138	192.168.2.16	192.168.2.255
Apr 19, 2024 08:23:45.289375067 CEST	53	59089	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 08:22:17.578980923 CEST	192.168.2.16	1.1.1.1	0xff75	Standard query (0)	link.id.vn	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:17.579477072 CEST	192.168.2.16	1.1.1.1	0xd3fc	Standard query (0)	link.id.vn	65	IN (0x0001)	false
Apr 19, 2024 08:22:20.131511927 CEST	192.168.2.16	1.1.1.1	0x349b	Standard query (0)	tieungaovolam.top	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:20.131838083 CEST	192.168.2.16	1.1.1.1	0xb0b3	Standard query (0)	tieungaovolam.top	65	IN (0x0001)	false
Apr 19, 2024 08:22:22.335983992 CEST	192.168.2.16	1.1.1.1	0x533f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:22.336277008 CEST	192.168.2.16	1.1.1.1	0xff33	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 08:22:18.504410982 CEST	1.1.1.1	192.168.2.16	0xff75	No error (0)	link.id.vn	101.99.3.118	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:21.102258921 CEST	1.1.1.1	192.168.2.16	0x349b	No error (0)	tieungaovolam.top	103.200.23.120	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:22.440213919 CEST	1.1.1.1	192.168.2.16	0x533f	No error (0)	www.google.com	142.250.105.147	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:22.440213919 CEST	1.1.1.1	192.168.2.16	0x533f	No error (0)	www.google.com	142.250.105.104	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:22.440213919 CEST	1.1.1.1	192.168.2.16	0x533f	No error (0)	www.google.com	142.250.105.106	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:22.440213919 CEST	1.1.1.1	192.168.2.16	0x533f	No error (0)	www.google.com	142.250.105.103	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:22.440213919 CEST	1.1.1.1	192.168.2.16	0x533f	No error (0)	www.google.com	142.250.105.105	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:22.440213919 CEST	1.1.1.1	192.168.2.16	0x533f	No error (0)	www.google.com	142.250.105.99	A (IP address)	IN (0x0001)	false
Apr 19, 2024 08:22:22.440408945 CEST	1.1.1.1	192.168.2.16	0xff33	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

link.id.vn

tieungaovolam.top

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49701	101.99.3.118	443	4212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 06:22:19 UTC	658	OUT	GET /GrONN HTTP/1.1 Host: link.id.vn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 06:22:20 UTC	738	IN	HTTP/1.1 301 Moved Permanently set-cookie: PHPSESSID=blqs7v07dec2231lbbtrko9agp; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache set-cookie: short_76=1; expires=Fri, 19-Apr-2024 06:37:19 GMT; Max-Age=900; path=/; HttpOnly location: https://tieungaovolam.top/lpatanawebroundcbe2/?offer_apis_key=21c1aw9pplLkDDw%20InsideBusiness%2016_04_2024%2019_12_27 content-type: text/html; charset=UTF-8 content-length: 0 date: Fri, 19 Apr 2024 06:22:19 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49704	103.200.23.120	443	4212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 06:22:22 UTC	752	OUT	GET /lpatanawebroundcbe2/?offer_apis_key=21c1aw9pplLkDDw%20InsideBusiness%2016_04_2024%2019_12_27 HTTP/1.1 Host: tieungaovolam.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 06:22:23 UTC	212	IN	HTTP/1.1 200 OK Connection: close content-type: text/html last-modified: Wed, 17 Apr 2024 15:29:32 GMT accept-ranges: bytes content-length: 1251850 date: Fri, 19 Apr 2024 06:22:22 GMT server: LiteSpeed
2024-04-19 06:22:23 UTC	16384	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 20 3c 68 74 6d 6c 20 6c 61 6e 67 3d 64 65 20 63 6c 61 73 73 3d 74 72 61 6e 73 6c 61 74 65 64 2d 6c 74 72 20 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 74 68 65 6d 65 2d 63 6f 6c 6f 72 20 63 6f 6e 74 65 6e 74 3d 23 65 61 30 65 36 33 3e 0a 3c 74 69 74 6c 65 3e 43 6f 6e 73 75 6d 70 74 69 6f Data Ascii: <!DOCTYPE html> <html lang=de class=translated-ltr style><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=viewport content="width=device-width, initial-scale=1"><meta name=theme-color content=#ea0e63><title>Consumptio
2024-04-19 06:22:23 UTC	16384	IN	Data Raw: 78 45 71 75 4d 41 66 5a 62 37 7a 69 51 38 57 4e 53 49 37 6a 4e 62 58 34 58 59 55 38 35 33 39 54 42 53 6c 31 58 56 54 7a 34 41 77 6f 6e 34 47 63 51 52 31 61 54 2f 57 55 31 64 66 68 52 55 67 73 30 39 4c 42 73 2f 46 74 6b 75 63 2b 57 51 46 4d 53 63 65 33 66 53 33 4f 69 63 62 58 47 54 78 4c 44 65 45 6c 72 76 58 62 55 56 64 52 68 36 7a 51 6a 65 6a 57 58 77 48 6c 51 76 6e 6c 34 56 43 33 6b 35 36 51 64 41 79 72 4b 6b 2b 56 52 44 6b 65 32 76 34 68 76 53 6d 35 33 38 4c 69 66 42 6a 79 66 30 53 6d 39 41 45 43 34 36 77 57 44 63 6d 48 65 59 49 75 6d 34 79 38 51 31 4c 51 4a 64 42 72 39 55 36 70 50 51 39 33 42 37 77 71 62 77 64 66 77 6c 49 2b 48 50 75 2b 2f 58 4f 79 30 50 31 66 4c 39 54 70 71 33 52 6e 64 5a 76 32 42 78 33 70 6f 35 68 49 71 78 4b 63 68 61 6d 45 71 33 43 Data Ascii: xEquMAfZb7ziQ8WNSI7jNbX4XYU8539TBSl1XVTz4Awon4GcQR1aT/WU1dfhRUgs09LBs/Ftkuc+WQFMSce3fS3OicbXGTxLDeElrvXbUVdRh6zQjejWXwHlQvnl4VC3k56QdAyrKk+VRDke2v4hvSm538LifBjyf0Sm9AEC46wWDcmHeYIum4y8Q1LQJdBr9U6pPQ93B7wqbwdfwlI+HPu+/XOy0P1fL9Tpq3RndZv2Bx3po5hIqxKchamEq3C
2024-04-19 06:22:23 UTC	16384	IN	Data Raw: 2f 59 70 49 73 35 6c 6b 4c 2f 58 34 43 45 50 51 78 74 52 50 55 66 48 78 4d 65 31 46 35 48 50 56 44 69 5a 38 6d 6d 67 67 57 37 65 49 34 6c 4a 33 56 34 42 53 74 78 6f 45 37 30 75 76 35 6e 68 4a 52 6d 4d 54 36 78 6f 67 67 77 61 42 6b 4e 45 44 59 5a 6a 44 33 73 45 4d 32 6d 71 6c 6d 42 71 6c 77 6e 46 43 52 72 41 72 4b 46 6f 48 6b 75 45 35 64 4f 55 44 72 65 49 70 53 36 73 45 78 43 41 72 6b 52 57 4b 33 64 62 6c 55 64 48 6b 68 4f 58 64 72 43 5a 45 51 4b 77 54 4b 30 6e 6f 4d 48 61 55 55 6f 53 4c 6d 6f 43 6b 53 47 47 76 78 73 6b 46 32 34 74 4d 41 47 31 67 76 4a 74 62 72 37 35 67 71 32 33 36 35 43 4e 73 48 44 68 38 4c 64 7a 4a 6e 53 4d 42 4b 57 45 44 63 66 4e 4b 52 71 72 70 4b 57 56 63 64 76 48 6f 58 39 75 76 71 74 6c 63 68 39 76 46 2f 55 2f 56 72 4a 71 6f 35 5a 73 Data Ascii: /YpIs5lkL/X4CEPQxtRPUfHxMe1F5HPVDiZ8mmggW7eI4lJ3V4BStxoE70uv5nhJRmMT6xoggwaBkNEDYZjD3sEM2mqlmBqlwnFCRrArKFoHkuE5dOUDreIpS6sExCArkRWK3dblUdHkhOXdrCZEQKwTK0noMHaUUoSLmoCkSGGvxskF24tMAG1gvJtbr75gq2365CNsHDh8LdzJnSMBKWEDcfNKRqrpKWVcdvHoX9uvqtlch9vF/U/VrJqo5Zs
2024-04-19 06:22:24 UTC	16384	IN	Data Raw: 71 53 4d 6f 68 4c 51 6b 6d 71 5a 64 52 49 37 4d 6f 4e 72 58 39 41 78 46 57 38 4d 75 74 52 6c 56 78 5a 37 4d 62 62 50 65 73 56 75 63 75 7a 79 2f 32 53 35 74 6c 5a 67 4e 50 75 6e 73 6c 50 30 66 54 49 34 6f 62 31 78 66 4d 73 70 6d 31 39 6e 4f 6c 33 6f 2b 79 53 79 75 36 4b 6c 68 4a 54 44 34 76 54 48 32 6d 78 53 6a 54 47 62 43 6c 31 64 63 78 4b 6a 56 47 6f 4c 6a 39 6d 33 65 31 31 51 74 61 74 66 32 32 6d 50 33 31 4b 6a 62 76 74 79 4b 74 63 31 62 45 73 44 48 35 37 38 66 2f 34 41 56 59 4c 71 35 57 41 78 4e 41 6d 56 41 63 7a 6f 64 53 73 4d 50 44 4a 65 38 68 55 64 73 68 55 55 44 41 67 65 6b 32 34 2f 75 77 74 4f 4b 65 68 45 54 43 75 55 33 34 57 42 42 68 46 66 55 4f 33 5a 52 41 34 65 75 2b 66 59 2f 39 30 54 5a 72 6f 75 6f 78 75 43 4c 42 34 69 6e 42 6b 70 53 63 51 6a Data Ascii: qSMohLQkmqZdRI7MoNrX9AxFW8MutRlVxZ7MbbPesVucuzy/2S5tlZgNPunslP0fTI4ob1xfMspm19nOl3o+ySyu6KlhJTD4vTH2mxSjTGbCl1dcxKjVGoLj9m3e11Qtatf22mP31KjbvtyKtc1bEsDH578f/4AVYLq5WAxNAmVAczodSsMPDJe8hUdshUUDAgek24/uwtOKehETCuU34WBBhFfUO3ZRA4eu+fY/90TZrouoxuCLB4inBkpScQj
2024-04-19 06:22:24 UTC	16384	IN	Data Raw: 67 7a 64 66 2f 45 42 2f 65 37 44 61 58 41 2b 63 37 50 57 30 6c 37 65 37 37 4a 49 58 6d 6f 37 70 75 68 65 74 54 58 49 48 52 32 59 62 48 46 58 46 79 79 4d 45 69 7a 42 57 51 33 6e 43 6f 35 7a 4e 76 70 63 47 30 77 33 53 6d 2b 36 6c 54 5a 31 59 61 62 6f 59 4a 4d 49 76 2b 71 62 70 62 70 70 2b 38 4c 46 6f 77 4d 6c 7a 2f 36 70 4d 50 65 53 77 44 6a 4b 6a 73 4c 53 79 64 4d 55 4b 35 37 4f 52 68 34 62 79 58 31 75 44 67 55 46 4a 34 45 76 78 52 77 31 35 45 6a 33 42 46 53 4e 69 51 6e 70 38 46 67 6f 74 63 71 4b 47 64 42 4a 74 6e 56 4a 56 77 30 53 62 6a 30 4a 4f 49 2f 45 35 59 35 69 56 63 4f 2f 2f 68 6e 61 4e 43 54 39 4b 74 6a 48 57 6e 7a 42 47 6f 47 71 53 44 54 43 39 4b 41 41 63 79 50 6b 76 6c 6a 61 36 46 55 37 41 65 78 79 31 38 70 4d 50 4e 5a 68 71 6b 63 79 33 71 2f 30 Data Ascii: gzdf/EB/e7DaXA+c7PW0l7e77JIXmo7puhetTXIHR2YbHFXFyyMEizBWQ3nCo5zNvpcG0w3Sm+6lTZ1YaboYJMIv+qbpbpp+8LFowMlz/6pMPeSwDjKjsLSydMUK57ORh4byX1uDgUFJ4EvxRw15Ej3BFSNiQnp8FgotcqKGdBJtnVJVw0Sbj0JOI/E5Y5iVcO//hnaNCT9KtjHWnzBGoGqSDTC9KAAcyPkvlja6FU7Aexy18pMPNZhqkcy3q/0
2024-04-19 06:22:24 UTC	16384	IN	Data Raw: 76 57 49 51 67 34 4a 79 65 51 4e 6f 52 48 77 65 69 34 6c 30 63 55 39 49 39 4f 59 4a 4f 35 70 71 77 6c 49 44 41 78 49 63 6a 35 71 64 48 2b 46 2b 63 49 6c 36 42 72 59 30 59 49 51 46 47 75 33 75 72 73 33 4b 6d 79 68 68 51 4e 59 4b 42 54 7a 65 4f 42 30 41 4b 65 30 49 4c 69 68 50 6b 78 54 34 43 42 73 79 53 6a 66 4e 61 53 78 57 64 63 44 33 6b 57 57 59 6e 44 32 55 6e 55 6a 6f 6e 47 76 46 7a 44 46 4b 4e 37 2f 71 67 2f 62 2b 73 62 5a 4b 49 35 33 54 51 78 4f 4f 70 34 32 63 36 77 39 62 50 4b 4f 53 6d 6d 4c 58 58 30 75 6b 50 53 32 46 6d 56 39 33 72 55 51 63 64 46 78 7a 77 30 57 2f 5a 33 7a 6f 71 52 48 71 36 6b 56 32 38 31 42 64 5a 57 66 74 71 6e 44 6a 77 78 54 78 39 47 68 42 2b 6d 77 4c 64 4e 2b 35 64 62 58 55 53 4a 74 76 41 52 57 6c 5a 75 76 75 52 78 4b 53 33 51 2f Data Ascii: vWIQg4JyeQNoRHwei4l0cU9I9OYJO5pqwlIDAxIcj5qdH+F+cIl6BrY0YIQFGu3urs3KmyhhQNYKBTzeOB0AKe0ILihPkxT4CBsySjfNaSxWdcD3kWWYnD2UnUjonGvFzDFKN7/qg/b+sbZKI53TQxOOp42c6w9bPKOSmmLXX0ukPS2FmV93rUQcdFxzw0W/Z3zoqRHq6kV281BdZWftqnDjwxTx9GhB+mwLdN+5dbXUSJtvARWlZuvuRxKS3Q/
2024-04-19 06:22:24 UTC	16384	IN	Data Raw: 58 70 74 4d 62 52 56 45 32 79 69 39 62 54 45 31 7a 37 65 6f 7a 45 4e 46 38 41 35 70 36 72 31 74 38 48 37 38 66 79 59 2f 4d 56 4a 4b 2f 57 74 59 64 6b 79 70 65 55 4c 56 43 6a 2f 63 46 4b 66 7a 4e 71 5a 47 50 43 6f 54 42 74 4c 75 71 79 7a 49 79 75 6a 57 75 6a 76 61 2b 38 36 65 33 6a 44 38 64 66 43 6b 51 6c 52 66 36 54 42 38 4c 79 74 70 70 7a 55 44 45 4f 4e 6c 54 69 48 4b 30 4c 39 56 64 71 54 4e 6c 6f 61 30 77 2b 75 32 74 2b 66 67 48 70 61 68 6e 34 4a 78 66 4b 61 41 61 77 4c 77 77 43 36 5a 4e 67 65 71 47 46 54 67 52 4f 4a 53 42 61 6e 4d 52 34 55 69 35 7a 48 77 44 6c 4a 4a 51 49 59 77 79 61 78 53 59 36 41 49 36 6c 59 49 34 76 41 4e 5a 78 45 45 67 62 43 59 48 4d 69 53 42 32 62 5a 36 75 4b 75 73 4f 45 2b 34 53 4d 55 6c 30 4c 7a 6c 6f 76 38 66 30 44 35 4d 4b 4b Data Ascii: XptMbRVE2yi9bTE1z7eozENF8A5p6r1t8H78fyY/MVJK/WtYdkypeULVCj/cFKfzNqZGPCoTBtLuqyzIyujWujva+86e3jD8dfCkQlRf6TB8LytppzUDEONlTiHK0L9VdqTNloa0w+u2t+fgHpahn4JxfKaAawLwwC6ZNgeqGFTgROJSBanMR4Ui5zHwDlJJQIYwyaxSY6AI6lYI4vANZxEEgbCYHMiSB2bZ6uKusOE+4SMUl0Lzlov8f0D5MKK
2024-04-19 06:22:24 UTC	16384	IN	Data Raw: 6d 4e 50 4b 77 46 36 51 58 6d 32 6c 65 4e 79 5a 47 2f 5a 36 4d 34 57 6a 78 48 4c 32 67 42 4a 53 68 37 6f 67 76 59 4d 52 64 68 48 37 43 6c 6c 5a 52 77 75 64 69 7a 32 64 43 66 64 77 67 6f 36 47 42 2f 77 4d 58 4d 41 77 61 6a 63 51 6e 49 45 70 41 4f 78 67 57 57 4c 2b 4f 75 6e 41 41 52 52 33 73 70 45 38 2b 55 6e 45 7a 4a 48 67 53 4e 48 78 37 43 4a 34 63 72 32 63 4a 34 79 44 47 62 2b 4e 44 78 63 41 43 64 78 35 4a 77 73 58 54 30 51 6c 43 72 55 5a 67 42 6b 41 4d 59 4e 70 6b 39 44 65 68 54 6a 66 44 51 75 76 76 4f 68 6c 4c 41 4a 59 6a 79 4f 57 47 67 53 2f 76 6d 76 4b 55 35 59 37 41 78 31 50 33 7a 75 57 4c 47 6e 7a 58 48 43 62 51 4e 53 72 30 4a 70 57 58 2b 39 49 36 57 75 6c 5a 56 6c 71 6a 6a 54 62 48 64 46 50 64 53 48 6f 46 49 61 72 47 36 33 6c 6c 6b 39 6c 32 75 38 Data Ascii: mNPKwF6QXm2leNyZG/Z6M4WjxHL2gBJSh7ogvYMRdhH7CllZRwudiz2dCfdwgo6GB/wMXMAwajcQnIEpAOxgWWL+OunAARR3spE8+UnEzJHgSNHx7CJ4cr2cJ4yDGb+NDxcACdx5JwsXT0QlCrUZgBkAMYNpk9DehTjfDQuvvOhlLAJYjyOWGgS/vmvKU5Y7Ax1P3zuWLGnzXHCbQNSr0JpWX+9I6WulZVlqjjTbHdFPdSHoFIarG63llk9l2u8
2024-04-19 06:22:24 UTC	1368	IN	Data Raw: 74 38 41 6e 48 6c 4c 34 44 65 46 76 68 47 4b 78 57 4e 64 72 35 39 59 67 78 42 43 47 49 4b 4b 55 4d 78 46 6f 34 6c 38 43 76 38 30 35 43 67 46 72 58 74 34 41 53 41 74 38 66 47 6c 2b 36 45 67 69 76 77 52 50 59 4a 79 46 4c 57 6f 75 43 33 6f 56 46 34 45 59 6d 31 34 48 53 55 47 45 43 4b 71 75 6d 79 33 56 53 48 30 77 32 32 78 59 5a 68 47 58 73 4b 4d 4c 65 72 43 6a 69 44 77 50 4e 6d 47 6e 4d 38 71 62 7a 71 39 56 5a 54 78 4e 31 47 5a 5a 65 6f 55 4f 68 30 52 36 61 75 4d 74 38 6f 48 4c 76 78 4a 47 4c 70 45 62 65 54 63 69 66 72 65 33 57 79 4a 6e 34 79 55 55 30 72 34 4f 38 38 78 54 36 62 2f 45 6d 31 69 74 30 59 32 42 32 52 56 58 79 35 71 6f 49 43 73 42 61 54 37 76 71 79 76 47 44 48 6f 69 4d 37 67 32 49 75 6f 49 4a 4b 52 4f 66 45 4d 79 6c 64 4c 4f 49 51 54 4d 4d 77 74 Data Ascii: t8AnHlL4DeFvhGKxWNdr59YgxBCGIKKUMxFo4l8Cv805CgFrXt4ASAt8fGl+6EgivwRPYJyFLWouC3oVF4EYm14HSUGECKqumy3VSH0w22xYZhGXsKMLerCjiDwPNmGnM8qbzq9VZTxN1GZZeoUOh0R6auMt8oHLvxJGLpEbeTcifre3WyJn4yUU0r4O88xT6b/Em1it0Y2B2RVXy5qoICsBaT7vqyvGDHoiM7g2IuoIJKROfEMyldLOIQTMMwt
2024-04-19 06:22:24 UTC	14994	IN	Data Raw: 79 4b 37 57 42 74 49 59 63 4a 77 53 67 79 64 65 45 38 66 34 49 58 41 47 58 54 54 6f 62 39 47 32 76 54 5a 4e 61 50 53 37 79 4b 69 4e 57 6c 31 4b 33 46 57 4a 35 56 56 63 51 48 42 45 6c 70 73 62 6a 70 62 79 61 76 33 43 6d 56 50 36 74 69 4a 72 75 38 5a 73 59 72 74 33 7a 48 6d 73 75 47 2f 64 6d 61 41 78 65 63 34 30 74 41 4b 62 66 70 43 66 6b 75 39 45 6e 34 4f 77 56 6f 6c 48 62 38 35 4d 4a 57 78 31 75 76 78 63 65 54 75 4d 6c 78 58 39 41 46 4c 65 75 64 75 2b 50 70 35 35 64 4b 71 65 50 73 45 75 61 39 61 6c 31 65 57 4b 75 57 4b 34 33 42 7a 6b 32 74 6c 59 36 49 49 42 37 59 57 78 63 2b 55 76 74 4d 62 6e 59 57 7a 6f 5a 49 72 4e 61 2b 51 42 4d 4a 43 54 33 55 36 74 61 46 47 48 72 37 47 73 76 76 65 46 6b 33 51 36 44 52 7a 51 38 37 67 68 44 73 4f 68 68 45 4c 4d 45 59 32 Data Ascii: yK7WBtIYcJwSgydeE8f4IXAGXTTob9G2vTZNaPS7yKiNWl1K3FWJ5VVcQHBElpsbjpbyav3CmVP6tiJru8ZsYrt3zHmsuG/dmaAxec40tAKbfpCfku9En4OwVolHb85MJWx1uvxceTuMlxX9AFLeudu+Pp55dKqePsEua9al1eWKuWK43Bzk2tlY6IIB7YWxc+UvtMbnYWzoZIrNa+QBMJCT3U6taFGHr7GsvveFk3Q6DRzQ87ghDsOhhELMEY2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49709	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 06:22:27 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 06:22:28 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=175281 Date: Fri, 19 Apr 2024 06:22:27 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49711	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 06:22:28 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 06:22:28 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=175265 Date: Fri, 19 Apr 2024 06:22:28 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 06:22:28 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49713	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 06:22:31 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sYs12cpdAgMpO2B&MD=V7HTNmUN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-19 06:22:31 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 35336186-84ca-41d0-b6d7-8c9e1675a93f MS-RequestId: 8f466369-9cab-4ffa-91fc-59fad74e28b2 MS-CV: j9RjvYCgf0KvL+JK.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 19 Apr 2024 06:22:30 GMT Connection: close Content-Length: 24490
2024-04-19 06:22:31 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-19 06:22:31 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49714	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 06:23:08 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sYs12cpdAgMpO2B&MD=V7HTNmUN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-19 06:23:08 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 5719ec2f-0ab8-4bf1-ac5e-228be3032506 MS-RequestId: 0ee594b9-9000-429a-96ca-c77bdc150692 MS-CV: vLY/8ERSTEW/tALI.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 19 Apr 2024 06:23:07 GMT Connection: close Content-Length: 25457
2024-04-19 06:23:08 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-19 06:23:08 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 7000, Parent PID: 3432

General

Target ID:	0
Start time:	08:22:15
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://link.id.vn/GrONN
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4212, Parent PID: 7000

General

Target ID:	1
Start time:	08:22:15
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,2914826928353280511,12430040426356834393,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://link.id.vn/GrONN

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7000, Parent PID: 3432

General

Chronological Activities

Analysis Process: chrome.exePID: 4212, Parent PID: 7000

General

Chronological Activities

Windows Analysis Report
https://link.id.vn/GrONN