Edit tour

Windows Analysis Report
https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com

Overview

General Information

Sample URL:	https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com
Analysis ID:	1431107
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2212,i,7302645180456654908,8517556159455942905,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com

HTTP Parser: <input type="password" .../> found

Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /msul3o/?login=melissa.meng%40safrangroup.com HTTP/1.1Host: hkgroup.com.pkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /msul3o/header.png HTTP/1.1Host: hkgroup.com.pkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
Source: global traffic	HTTP traffic detected: GET /msul3o/frt.png HTTP/1.1Host: hkgroup.com.pkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
Source: global traffic	HTTP traffic detected: GET /sslvpn/js/login.js?q=e90a8f3ceec57386af119bfb1620ac2e HTTP/1.1Host: hkgroup.com.pkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
Source: global traffic	HTTP traffic detected: GET /remote/fgt_lang?lang=en HTTP/1.1Host: hkgroup.com.pkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
Source: global traffic	HTTP traffic detected: GET /msul3o/lato-regular.woff2 HTTP/1.1Host: hkgroup.com.pkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hkgroup.com.pksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /msul3o/header.png HTTP/1.1Host: hkgroup.com.pkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
Source: global traffic	HTTP traffic detected: GET /msul3o/frt.png HTTP/1.1Host: hkgroup.com.pkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
Source: global traffic	HTTP traffic detected: GET /msul3o/icon.png HTTP/1.1Host: hkgroup.com.pkConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
Source: global traffic	HTTP traffic detected: GET /msul3o/icon.png HTTP/1.1Host: hkgroup.com.pkConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d

Source: global traffic	DNS traffic detected: DNS query: hkgroup.com.pk
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 24 Apr 2024 13:36:39 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 24 Apr 2024 13:36:39 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/13@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2212,i,7302645180456654908,8517556159455942905,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2212,i,7302645180456654908,8517556159455942905,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://hkgroup.com.pk/msul3o/icon.png	0%	Avira URL Cloud	safe
https://hkgroup.com.pk/sslvpn/js/login.js?q=e90a8f3ceec57386af119bfb1620ac2e	0%	Avira URL Cloud	safe
https://hkgroup.com.pk/msul3o/frt.png	0%	Avira URL Cloud	safe
https://hkgroup.com.pk/remote/fgt_lang?lang=en	0%	Avira URL Cloud	safe
https://hkgroup.com.pk/msul3o/header.png	0%	Avira URL Cloud	safe
https://hkgroup.com.pk/msul3o/lato-regular.woff2	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
hkgroup.com.pk	64.31.43.186	true	false	unknown
www.google.com	142.250.101.99	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://hkgroup.com.pk/msul3o/frt.png	false	Avira URL Cloud: safe	unknown
https://hkgroup.com.pk/remote/fgt_lang?lang=en	false	Avira URL Cloud: safe	unknown
https://hkgroup.com.pk/msul3o/header.png	false	Avira URL Cloud: safe	unknown
https://hkgroup.com.pk/sslvpn/js/login.js?q=e90a8f3ceec57386af119bfb1620ac2e	false	Avira URL Cloud: safe	unknown
https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com	false		unknown
https://hkgroup.com.pk/msul3o/icon.png	false	Avira URL Cloud: safe	unknown
https://hkgroup.com.pk/msul3o/lato-regular.woff2	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.101.99	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.31.43.186	hkgroup.com.pk	United States	46475	LIMESTONENETWORKSUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431107
Start date and time:	2024-04-24 15:35:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/13@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.2.139, 142.251.2.100, 142.251.2.138, 142.251.2.101, 142.251.2.113, 142.251.2.102, 142.251.2.84, 142.251.2.94, 34.104.35.123, 74.125.137.95, 142.251.2.95, 20.12.23.50, 199.232.214.172, 192.229.211.108, 20.3.187.198
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 212 x 221, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11424
Entropy (8bit):	7.969675063295564
Encrypted:	false
SSDEEP:	192:I8cqN24UzR7u7q4Z0KxDTECVr1Y0Sd1EQNIzgH0NaF2eRewTdCc6/EBMwqN:rcqN24+um4Z0KVlB94iQNI7aQtqdMw8
MD5:	0D112DB825594B41C9ADB467F155AA3E
SHA1:	64F66C4AE996EA2DABB9E58A095C0A4490CC4597
SHA-256:	93A361D637D58F675457CB19C497F8419A17F01978F0E1FB7C3610207A774925
SHA-512:	1F7A477A6401B0F78C6030F28B90A07221876779B4221B0881B29FA35B45E573586527D74B8B87AB3C75E571881CCAEC8B8FCE3AA8A699B6FADB7197B074C0A6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............\.....sBIT....\|.d.....tEXtSoftware.gnome-screenshot...>...0iTXtCreation Time........ 23 ... 2024 18:53:39.!... .IDATx..yxSU..Y..i.}_.B[.@[J..V..Ed....EA.QTtF....:... ....n.. k...(m.^J..I.6...#....Mr....<>...$.{..y...2......Z`.{...3A.E .....@#DP....A..4B.E .....@#DP....A..4B.E .....@#DP....A..4B.E .....@#DP....A..4B.E....).=\.c.R.@AC;.}w...y..J0uc........J..!..~..y..gj..`.rkd...v.ZU:.~..C.5.Qi..nQ.......%....tz...'...r.,h......J#..4w^#.N...RTJ....mjdUHq.........*P.(..\|q.:..da.....l8W.K.mp.#....@..UR%NW.`R..B=.x}...~.......)....b.@.D...n....e.........x..(.Y...xT02.........d<.Gp.G..qa.&U"....p.Q.....x.b..+v...JV.G.....6cl.'D\|.U..k."&-.E..v..aAJ .....k...O.xdd.~.o.....X_7.....8K...!-...V.A..t8s....lL....2..\|s..<..^....~.....\|1'.K...A...W.b.q.......V..v..=..v...n.+...F...f!=.....@.......M.......cBl2V....>...c.7.k....ll.k.....0).8.m<W..{K....l..o.qZ.......:..Y..Q^8.l$F....\|..eM........(..5..<..<.,.., ..$...@..d....s....

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 681 x 69, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5395
Entropy (8bit):	7.899130731680747
Encrypted:	false
SSDEEP:	96:D9/RcRH1yAyhmwXIN9k8PZ8uOr7DU5NknoLNyqe/2vPYtj6BeINnzfvlsOLzBBsS:Dk1yAJJR8uE7mNknENyqesYtjEeWzHbx
MD5:	E7BD50D17161DBC5671A69C1EDA9B6C0
SHA1:	6D53D0426B4D325463EE03F701489611B4A31466
SHA-256:	149D89398FBD882AD50FC084C9FB58246F84AA81B3D2E3334BE5EEC4AFFEA95C
SHA-512:	85388F08592DD92B29163C14C5DD053C0F536FE7DEA0595CF2133D7C4EFA075918885561DA17CB306D326314CACEFDF0B67E80EBBD53B5C1F17B71FF43DC3736
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......E.....i?......sBIT....\|.d.....tEXtSoftware.gnome-screenshot...>...0iTXtCreation Time........ 23 ... 2024 19:04:40.N.....iIDATx...}t.....w.4I.IhH[.)..<.....!.... zq...d>.n...1=.l...9.......v.....<wC.v.P.g.PD ..P.>.i.&i..?.yl.~mR}......!.....\|.....o......(...=."""".@.R....(.0H%"""... .....R..T""""J9.R....(.0H%"""..#..7T.%..-C.J.....YRdI..I.-.C-O.kl....f....'L6'.,#.l....W.v.l...:....M.).R..T.V`UA6..21_..B...5....y....4uZ.d.D.U..;.q..&.....(...q.@e...5.@............+f..nF..~\|.9.Q.EDDD4.$......{....\..dB.K..a'.j5.X......i.5.C"""".(....%"..[.U..S1.)..e3j.k..9.......$..I..!....p.L...L6\2...o.....EiP.%P.%...).!K&.J.A.L..\..\..<....2.....(-.K....h......D..<.k..v3.:-8.5....8.y. J...9...d`q..k.j^6.QD..(.NDDDD..wu..k..b...R...h..+gz.q.%...cq.p.s.';..f.kJ..k.p.^..B../P..:\..""""....Rm.Q.....C#.}..g....X.,..^?........t\|.X..V..:_..3.......w....,.WR..Pz.#...n....m.......Q...R.}.>.$u...".a.......q..v.D.'..}.)'O....A*.... .r.o .j\|.h....

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 212 x 221, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	11424
Entropy (8bit):	7.969675063295564
Encrypted:	false
SSDEEP:	192:I8cqN24UzR7u7q4Z0KxDTECVr1Y0Sd1EQNIzgH0NaF2eRewTdCc6/EBMwqN:rcqN24+um4Z0KVlB94iQNI7aQtqdMw8
MD5:	0D112DB825594B41C9ADB467F155AA3E
SHA1:	64F66C4AE996EA2DABB9E58A095C0A4490CC4597
SHA-256:	93A361D637D58F675457CB19C497F8419A17F01978F0E1FB7C3610207A774925
SHA-512:	1F7A477A6401B0F78C6030F28B90A07221876779B4221B0881B29FA35B45E573586527D74B8B87AB3C75E571881CCAEC8B8FCE3AA8A699B6FADB7197B074C0A6
Malicious:	false
Reputation:	low
URL:	https://hkgroup.com.pk/msul3o/frt.png
Preview:	.PNG........IHDR...............\.....sBIT....\|.d.....tEXtSoftware.gnome-screenshot...>...0iTXtCreation Time........ 23 ... 2024 18:53:39.!... .IDATx..yxSU..Y..i.}_.B[.@[J..V..Ed....EA.QTtF....:... ....n.. k...(m.^J..I.6...#....Mr....<>...$.{..y...2......Z`.{...3A.E .....@#DP....A..4B.E .....@#DP....A..4B.E .....@#DP....A..4B.E .....@#DP....A..4B.E....).=\.c.R.@AC;.}w...y..J0uc........J..!..~..y..gj..`.rkd...v.ZU:.~..C.5.Qi..nQ.......%....tz...'...r.,h......J#..4w^#.N...RTJ....mjdUHq.........*P.(..\|q.:..da.....l8W.K.mp.#....@..UR%NW.`R..B=.x}...~.......)....b.@.D...n....e.........x..(.Y...xT02.........d<.Gp.G..qa.&U"....p.Q.....x.b..+v...JV.G.....6cl.'D\|.U..k."&-.E..v..aAJ .....k...O.xdd.~.o.....X_7.....8K...!-...V.A..t8s....lL....2..\|s..<..^....~.....\|1'.K...A...W.b.q.......V..v..=..v...n.+...F...f!=.....@.......M.......cBl2V....>...c.7.k....ll.k.....0).8.m<W..{K....l..o.qZ.......:..Y..Q^8.l$F....\|..eM........(..5..<..<.,.., ..$...@..d....s....

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	639
Entropy (8bit):	7.332302081447108
Encrypted:	false
SSDEEP:	12:6v/7s6nML5pkkkkkkkkkywVA0B9A+VtF2gsTOjVsup0E0WSbAzhEkPLhYxdfBOL3:hMSYA0B9A+hKOjV1T2t/Efl9
MD5:	9EEDB18DCFD6C52F9B73399109399F86
SHA1:	D73B7B7B82FB2235FA9AFF9A497C0F655F9D685F
SHA-256:	BD6FDD59C0B4E983E89CCEE1CE5A8B92CC0A9300FA67F8186770655337ADBBAF
SHA-512:	3CFACD2D88AAE8F735B90C9D67AABC52317999BD05478E00F7E16232F8AE796E075E0BC17BE05E2FF3E8D3E03D5945FA76117C26D91F96032480376DAE5566E2
Malicious:	false
Reputation:	low
URL:	https://hkgroup.com.pk/msul3o/icon.png
Preview:	.PNG........IHDR... ... .....D.......gAMA......a.....sRGB.........PLTELiq.2".2".2".2".2".2".2".2".2".2".2".2"./..3#...........6'.....[O.B4.......M@.1!....L>.{.<,....qg.h^.~u......:,...VJ.\O...........tRNS.j........V.......IDAT8.S.. .DkE[....^.G......uF......l.....h.a.@ ....w.z.~c..14......L....+...G.0.ZJ.M.Z.Z3q........e~.N...s^.......8!..U..=...E1.pK.u.Nt...L.....^..J.x.D;.P4.!..HL..$./6..^o..j.....G.U....&DO1......'.....i}(..n\|.B.[..W...K....X..Y..Y..h9.i..w<....L.@..~..G..r}..{.}W.?<.?)&)....WzTXtRaw profile type iptc..x.....qV((.O..I.R..#..c..#.K.... D.4.d.#.T ...........H.J.....t.B5.....IEND.B`.

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 681 x 69, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5395
Entropy (8bit):	7.899130731680747
Encrypted:	false
SSDEEP:	96:D9/RcRH1yAyhmwXIN9k8PZ8uOr7DU5NknoLNyqe/2vPYtj6BeINnzfvlsOLzBBsS:Dk1yAJJR8uE7mNknENyqesYtjEeWzHbx
MD5:	E7BD50D17161DBC5671A69C1EDA9B6C0
SHA1:	6D53D0426B4D325463EE03F701489611B4A31466
SHA-256:	149D89398FBD882AD50FC084C9FB58246F84AA81B3D2E3334BE5EEC4AFFEA95C
SHA-512:	85388F08592DD92B29163C14C5DD053C0F536FE7DEA0595CF2133D7C4EFA075918885561DA17CB306D326314CACEFDF0B67E80EBBD53B5C1F17B71FF43DC3736
Malicious:	false
Reputation:	low
URL:	https://hkgroup.com.pk/msul3o/header.png
Preview:	.PNG........IHDR.......E.....i?......sBIT....\|.d.....tEXtSoftware.gnome-screenshot...>...0iTXtCreation Time........ 23 ... 2024 19:04:40.N.....iIDATx...}t.....w.4I.IhH[.)..<.....!.... zq...d>.n...1=.l...9.......v.....<wC.v.P.g.PD ..P.>.i.&i..?.yl.~mR}......!.....\|.....o......(...=."""".@.R....(.0H%"""... .....R..T""""J9.R....(.0H%"""..#..7T.%..-C.J.....YRdI..I.-.C-O.kl....f....'L6'.,#.l....W.v.l...:....M.).R..T.V`UA6..21_..B...5....y....4uZ.d.D.U..;.q..&.....(...q.@e...5.@............+f..nF..~\|.9.Q.EDDD4.$......{....\..dB.K..a'.j5.X......i.5.C"""".(....%"..[.U..S1.)..e3j.k..9.......$..I..!....p.L...L6\2...o.....EiP.%P.%...).!K&.J.A.L..\..\..<....2.....(-.K....h......D..<.k..v3.:-8.5....8.y. J...9...d`q..k.j^6.QD..(.NDDDD..wu..k..b...R...h..+gz.q.%...cq.p.s.';..f.kJ..k.p.^..B../P..:\..""""....Rm.Q.....C#.}..g....X.,..^?........t\|.X..V..:_..3.......w....,.WR..Pz.#...n....m.......Q...R.}.>.$u...".a.......q..v.D.'..}.)'O....A*.... .r.o .j\|.h....

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 27892, version 1.6816
Category:	downloaded
Size (bytes):	27892
Entropy (8bit):	7.9599908501132015
Encrypted:	false
SSDEEP:	768:ZgbcCtQlbiALpQzMa3pcAGxL6d8XjZzFUPxoz:ZNfONIL6qX1zCE
MD5:	F7FF2A6FF8699952646B5592DE084DFA
SHA1:	A63534A9FE94054BCFA4E96457871452AD9AB44D
SHA-256:	2EE055921E5460E768980DA0E441063D23F4320EA15E232A4F77FFCBE5B4F74F
SHA-512:	969FD6DA748F5B6BC7BE9A91CE37F1E457388ADC46153C01C249527E145D5EC08497C9EBAA451AF5D44C89BE35572B029F809134695DC4C3F607EE3CDBC95F67
Malicious:	false
Reputation:	low
URL:	https://hkgroup.com.pk/msul3o/lato-regular.woff2
Preview:	wOF2......l.......a ..l...........................`.p.`..d....e.....T....6.$..N......p.. ..x..e.K[.O.....;...6.5..An#.G.9#z"...]. .7.y....b....nU.K.................$'.0..j7S{...'.IY.K()U.......}..~30..Lu...a.8).P..<.1..1M@6[Y..(...d.2......-...t.~opdfzvNn.'..8.VX..0.(...cr.b..'..KHv.c..w..9..fl.r.."....ELy.n.@......ox.p%.nFZ..n.rr....lc.\|.SXm....{...L.]....D~.C....(.\|.$.2...~...7...m..sn.p.E...\..g..p.k...?.k....#"...............S.H......W...9.6N".X.xd.~..D].3...9.......?.?...../..C.. ...=....._.s.../l.(.....-..c..QM.Yr.......A#..<..~h"VM.-.C"...}L.`n.I%7.1b.6.......c.rD...*(.(. F..K..e.1.....U}...@B.I;..A......S4..`...d.{..s..Q..[....8.:.Q0..~.A..=...d.e.$e..Lc.N!.[.v7.......Zv.7...PmT9.P}.KS......Q....P!'Y..B>.0.T.4.C...sE2.I..=@...]{M:N.....$..+..W.../..'.$WP.D2...P. c......q.....)._...80..7.9..?!"c......>.....56i..!.....]Cu%...].(.....o9Rf...........9S:K.n_/.Z..2 J.e..R....M.&.LQ.6....Egg....W;..pB...8...:h..S.I6W.V?.....RVK...@.m

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	76
Entropy (8bit):	4.54792278349572
Encrypted:	false
SSDEEP:	3:xPWoyoSioSLOPliGCnSnqT9SX0lR:xPWoFSiPL0liGCSooX0lR
MD5:	DD727A12498610725B821DCF2554E086
SHA1:	6EE77B3BA1D023B92BEEB811A3A2FB17900DC407
SHA-256:	D2EB9A543A50F63171357B5A939CD06FDB2C231B0A3E4E3FCCA9489CEEBC1B90
SHA-512:	8E7C2A456E1E0420AA74C9B9839CA80668B4B0E7674A5FEEAF551B00DDF74376F59E416E980D7783C9621FD13FB115C11F49667B3AE686A43482E7E272F5F8FF
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISMwmuhXaRAxumrRIFDeeNQA4SBQ2c_AIfEgUNd_YMjhIFDSN2qYISBQ38evO6EgUNF9zaTQ==?alt=proto
Preview:	CjYKBw3njUAOGgAKBw2c/AIfGgAKBw139gyOGgAKBw0jdqmCGgAKBw38evO6GgAKBw0X3NpNGgA=

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	639
Entropy (8bit):	7.332302081447108
Encrypted:	false
SSDEEP:	12:6v/7s6nML5pkkkkkkkkkywVA0B9A+VtF2gsTOjVsup0E0WSbAzhEkPLhYxdfBOL3:hMSYA0B9A+hKOjV1T2t/Efl9
MD5:	9EEDB18DCFD6C52F9B73399109399F86
SHA1:	D73B7B7B82FB2235FA9AFF9A497C0F655F9D685F
SHA-256:	BD6FDD59C0B4E983E89CCEE1CE5A8B92CC0A9300FA67F8186770655337ADBBAF
SHA-512:	3CFACD2D88AAE8F735B90C9D67AABC52317999BD05478E00F7E16232F8AE796E075E0BC17BE05E2FF3E8D3E03D5945FA76117C26D91F96032480376DAE5566E2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....D.......gAMA......a.....sRGB.........PLTELiq.2".2".2".2".2".2".2".2".2".2".2".2"./..3#...........6'.....[O.B4.......M@.1!....L>.{.<,....qg.h^.~u......:,...VJ.\O...........tRNS.j........V.......IDAT8.S.. .DkE[....^.G......uF......l.....h.a.@ ....w.z.~c..14......L....+...G.0.ZJ.M.Z.Z3q........e~.N...s^.......8!..U..=...E1.pK.u.Nt...L.....^..J.x.D;.P4.!..HL..$./6..^o..j.....G.U....&DO1......'.....i}(..n\|.B.[..W...K....X..Y..Y..h9.i..w<....L.@..~..G..r}..{.}W.?<.?)&)....WzTXtRaw profile type iptc..x.....qV((.O..I.R..#..c..#.K.... D.4.d.#.T ...........H.J.....t.B5.....IEND.B`.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 15:36:27.211880922 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 24, 2024 15:36:27.789958954 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:36.083165884 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.083245993 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.083448887 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.083491087 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.083503008 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.083813906 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.083833933 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.083851099 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.084078074 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.084096909 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.516979933 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.517296076 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.517330885 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.518223047 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.518287897 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.519496918 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.519558907 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.519706011 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.519716024 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.527101040 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.527337074 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.527363062 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.529048920 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.529119015 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.530240059 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.530328989 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.572160959 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.572181940 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:36.572240114 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:36.619061947 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.017932892 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.059493065 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.059520960 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.108045101 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.227855921 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.227869987 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.227941036 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.227956057 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228008032 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228035927 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228049994 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.228049994 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.228059053 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228070974 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.228091955 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.228238106 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228247881 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228286028 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228290081 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.228305101 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228336096 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.228341103 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.228363037 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.272885084 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.399516106 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:37.438076019 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438090086 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438142061 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438150883 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.438174963 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438199043 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.438208103 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438256979 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.438465118 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438488007 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438523054 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.438529015 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438543081 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438555956 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.438577890 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.438599110 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438637972 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.438769102 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438817978 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438828945 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.438841105 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.438870907 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.492963076 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.648597002 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.648617029 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.648660898 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.648674011 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.648705006 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.648720980 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.648745060 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.649023056 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.649045944 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.649086952 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.649095058 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.649116993 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.649135113 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.649497986 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.649518013 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.649597883 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.649605036 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.649642944 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.649924040 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.649946928 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.649983883 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.649991035 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.650017023 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.650034904 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.650307894 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.650326967 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.650368929 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.650376081 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.650398016 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.650418043 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.650732994 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.650753975 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.650785923 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.650791883 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.650815964 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.650832891 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.763968945 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.860588074 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.860615015 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.860671043 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.860685110 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.860706091 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.860721111 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.861048937 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.861069918 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.861113071 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.861120939 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.861145973 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.861171007 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.861684084 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.861702919 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.861745119 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.861751080 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.861794949 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.862095118 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862116098 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862149000 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.862158060 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862184048 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.862210035 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.862524986 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862545013 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862582922 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.862590075 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862602949 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.862623930 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.862900972 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862921000 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862957954 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.862965107 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.862991095 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.863003969 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.863158941 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.863325119 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.863344908 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.863379002 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.863385916 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.863415956 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.863435984 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.863751888 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.863771915 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.863806009 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.863812923 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.863848925 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.863866091 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.864136934 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864155054 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864187002 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.864193916 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864221096 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.864239931 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.864244938 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864546061 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864571095 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864600897 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.864609003 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864639997 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.864928007 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864947081 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.864998102 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.865008116 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.865022898 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.865286112 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.865310907 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.865338087 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.865346909 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:37.865375042 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:37.913425922 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.068032026 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.068057060 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.068121910 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.068140984 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.068197012 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.070919037 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.070939064 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.070992947 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.071001053 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.071041107 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.074963093 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.074982882 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075025082 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075032949 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075074911 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075285912 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075305939 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075344086 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075351000 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075378895 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075397968 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075762987 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075783968 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075830936 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075839043 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075866938 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075892925 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075898886 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075921059 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075947046 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.075975895 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.075984001 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.076011896 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.076297998 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.076318026 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.076354027 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.076364994 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.076387882 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.076580048 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.076621056 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.076647043 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.076675892 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.076683044 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.076705933 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.077035904 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077060938 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077085018 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.077095032 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077122927 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.077353954 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077372074 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077406883 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.077418089 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077430964 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.077666998 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077688932 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077723980 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.077733040 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.077754974 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.078485012 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.078505993 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.078545094 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.078557014 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.078579903 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.078670025 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.078695059 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.078722000 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.078728914 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.078752041 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.078957081 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.078975916 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.079010963 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.079032898 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.079046011 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.079277992 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.079301119 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.079333067 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.079340935 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.079361916 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.079927921 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.079951048 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.079982996 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.079989910 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.080018044 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.080404043 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.080425978 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.080465078 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.080472946 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.080506086 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.080696106 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.080714941 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.080743074 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.080750942 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.080775976 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.081197023 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081219912 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081255913 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.081264019 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081283092 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.081681967 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081701040 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081729889 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.081739902 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081759930 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.081909895 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081931114 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081962109 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.081969976 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.081999063 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.082602024 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.082619905 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.082667112 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.082675934 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.082705975 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.082937956 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.082961082 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.082992077 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.082998991 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.083030939 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.083811045 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.083828926 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.083858967 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.083868027 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.083899975 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.084062099 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.115288019 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.115308046 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.115360975 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.115370989 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.115401983 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.162971973 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.268016100 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:38.268115997 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:38.268197060 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:38.268651962 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:38.268686056 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:38.278192043 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.278217077 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.278301954 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.278320074 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.278362036 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.280240059 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.280258894 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.280308008 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.280317068 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.280359983 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.280745029 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.280766010 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.280798912 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.280807018 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.280832052 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.280852079 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.281116009 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.281133890 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.281182051 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.281188965 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.281224966 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.284750938 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.284778118 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.284837008 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.284842968 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.284878016 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.284897089 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285167933 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285197020 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285244942 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285254002 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285280943 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285305977 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285408020 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285427094 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285456896 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285470963 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285494089 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285507917 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285684109 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285703897 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285748005 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285753965 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.285780907 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.285794020 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286015034 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286035061 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286077023 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286083937 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286098957 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286118984 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286423922 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286442041 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286483049 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286489964 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286515951 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286534071 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286794901 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286818981 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286863089 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286870003 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.286892891 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286905050 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.286925077 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.287118912 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.287139893 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.287178040 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.287184954 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.287219048 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.287240982 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.287422895 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.287442923 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.287483931 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.287489891 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.287514925 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.287538052 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.287861109 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.287919044 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.288203001 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.288220882 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.288260937 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.288268089 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.288294077 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.288316965 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.288465023 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.288516998 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.288522959 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.288537979 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.288568020 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.288569927 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.288614035 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.290709972 CEST	49736	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.290725946 CEST	443	49736	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.638008118 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:38.638279915 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:38.638336897 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:38.639909983 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:38.639980078 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:38.767642021 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:38.767690897 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:38.767808914 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:38.781404972 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:38.781667948 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:38.823709011 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:38.823741913 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:38.841995001 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.842961073 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.843027115 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.843115091 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.843542099 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.843559027 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.843635082 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.844304085 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.844336987 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.844666958 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.844765902 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.844835997 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.845113039 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.845130920 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.845427990 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:38.845474958 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:38.847556114 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:38.847568989 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:38.867599010 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:38.888117075 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.057526112 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.057914019 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.057934999 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.057990074 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.058032990 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.058060884 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.058080912 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.058258057 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.111829996 CEST	49735	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.111862898 CEST	443	49735	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.141802073 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.141863108 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.141952991 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.142657995 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.142689943 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.193641901 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.193747044 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.200937986 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.200967073 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.201394081 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.241833925 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.279838085 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.280201912 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.280245066 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.281194925 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.281414986 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.281797886 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.281914949 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.281943083 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.281968117 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.282500982 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.282546043 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.282799006 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.282828093 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.283109903 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.283747911 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.283838987 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.283957005 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.284281969 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.284358025 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.284801960 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.284883976 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.285027027 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.285043001 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.307672977 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.324141026 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.328116894 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.334741116 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.334762096 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.334764957 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.348134995 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.486582994 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.486655951 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.486795902 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.487234116 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.487267017 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.518922091 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.519021034 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.519083023 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.519359112 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.519381046 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.519417048 CEST	49740	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.519433022 CEST	443	49740	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.563668013 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.563721895 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.563983917 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.564415932 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.564443111 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.572374105 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.572647095 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.572663069 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.576368093 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.576442003 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.577299118 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.577470064 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.577631950 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.577645063 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.617522955 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.737456083 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.737824917 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.737847090 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.737864017 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.737898111 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.737919092 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.737966061 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.738002062 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.738002062 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.738035917 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.739420891 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.739511967 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.739615917 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.739886045 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.739940882 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.740124941 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.740226984 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.814039946 CEST	49743	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.814071894 CEST	443	49743	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.827167034 CEST	49742	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.827192068 CEST	443	49742	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.853898048 CEST	49741	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.853945017 CEST	443	49741	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.868702888 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.868791103 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.868863106 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.870196104 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.870232105 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.892134905 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.892226934 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.893693924 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.893717051 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.893954039 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.895159006 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:39.911753893 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.911967039 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.911988020 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.913460016 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.913546085 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.913908005 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.913995981 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.914027929 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.936139107 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:39.960118055 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:39.966932058 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:39.966948032 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.015193939 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.044413090 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.097085953 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.097127914 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.144728899 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.219146013 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:40.219253063 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:40.219311953 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:40.220057964 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:40.220094919 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:40.220139027 CEST	49746	443	192.168.2.4	23.3.84.131
Apr 24, 2024 15:36:40.220155001 CEST	443	49746	23.3.84.131	192.168.2.4
Apr 24, 2024 15:36:40.254139900 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254167080 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254201889 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254215002 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254223108 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254240036 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254252911 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254276991 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254302979 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254302979 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254626989 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254667044 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254683971 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254688978 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254708052 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254731894 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254731894 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254756927 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254806042 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254906893 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.254926920 CEST	443	49744	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.254946947 CEST	49744	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.299432039 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.299683094 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.299745083 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.302978039 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.303047895 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.303381920 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.303469896 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.303548098 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.303565979 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.335628033 CEST	49749	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.335654974 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.335745096 CEST	49749	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.338264942 CEST	49749	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.338279009 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.346025944 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.370095015 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.370279074 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.370289087 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.370337009 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.370351076 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.370462894 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.371604919 CEST	49745	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.371618986 CEST	443	49745	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.946304083 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.946815014 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.946837902 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.946871042 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.946887970 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.946960926 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.946999073 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.947009087 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.947104931 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.953478098 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.963016987 CEST	49749	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.963027000 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.964330912 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.964891911 CEST	49749	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.965060949 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:40.965286016 CEST	49749	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.979322910 CEST	49747	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:40.979355097 CEST	443	49747	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:41.008120060 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:41.371452093 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:41.371640921 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:41.371706963 CEST	49749	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:41.435933113 CEST	49749	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:41.435961008 CEST	443	49749	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:41.835736990 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:41.835835934 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:41.835923910 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:41.836688995 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:41.836725950 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:42.266069889 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:42.316431999 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:42.332945108 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:42.332974911 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:42.334311962 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:42.334641933 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:42.334815979 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:42.334821939 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:42.376144886 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:42.378961086 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:42.724775076 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:42.724935055 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:42.724992037 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:42.726227045 CEST	49750	443	192.168.2.4	64.31.43.186
Apr 24, 2024 15:36:42.726283073 CEST	443	49750	64.31.43.186	192.168.2.4
Apr 24, 2024 15:36:48.421789885 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:48.421789885 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:48.421883106 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 24, 2024 15:36:48.421915054 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 24, 2024 15:36:48.421947956 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:48.421979904 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 24, 2024 15:36:48.424185038 CEST	49751	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:48.424282074 CEST	443	49751	173.222.162.32	192.168.2.4
Apr 24, 2024 15:36:48.428447962 CEST	49751	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:48.428613901 CEST	49751	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:48.428652048 CEST	443	49751	173.222.162.32	192.168.2.4
Apr 24, 2024 15:36:48.635667086 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:48.635724068 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:36:48.635865927 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:48.797122002 CEST	443	49751	173.222.162.32	192.168.2.4
Apr 24, 2024 15:36:48.797288895 CEST	49751	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:36:50.306783915 CEST	49739	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:36:50.306850910 CEST	443	49739	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:07.951108932 CEST	443	49751	173.222.162.32	192.168.2.4
Apr 24, 2024 15:37:07.951194048 CEST	49751	443	192.168.2.4	173.222.162.32
Apr 24, 2024 15:37:38.157974958 CEST	49760	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:37:38.158008099 CEST	443	49760	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:38.158062935 CEST	49760	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:37:38.158890009 CEST	49760	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:37:38.158902884 CEST	443	49760	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:38.536307096 CEST	443	49760	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:38.544660091 CEST	49760	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:37:38.544678926 CEST	443	49760	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:38.545017004 CEST	443	49760	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:38.548929930 CEST	49760	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:37:38.548995018 CEST	443	49760	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:38.601984024 CEST	49760	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:37:46.164088964 CEST	49723	80	192.168.2.4	199.232.210.172
Apr 24, 2024 15:37:46.164527893 CEST	49724	80	192.168.2.4	199.232.210.172
Apr 24, 2024 15:37:46.324079037 CEST	80	49724	199.232.210.172	192.168.2.4
Apr 24, 2024 15:37:46.324172020 CEST	80	49724	199.232.210.172	192.168.2.4
Apr 24, 2024 15:37:46.324208975 CEST	80	49723	199.232.210.172	192.168.2.4
Apr 24, 2024 15:37:46.324244022 CEST	80	49723	199.232.210.172	192.168.2.4
Apr 24, 2024 15:37:46.324290991 CEST	49723	80	192.168.2.4	199.232.210.172
Apr 24, 2024 15:37:46.324418068 CEST	49724	80	192.168.2.4	199.232.210.172
Apr 24, 2024 15:37:48.603301048 CEST	443	49760	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:48.603477001 CEST	443	49760	142.250.101.99	192.168.2.4
Apr 24, 2024 15:37:48.603557110 CEST	49760	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:37:50.306408882 CEST	49760	443	192.168.2.4	142.250.101.99
Apr 24, 2024 15:37:50.306437969 CEST	443	49760	142.250.101.99	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 15:36:34.289117098 CEST	53	55594	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:34.298623085 CEST	53	58188	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:35.354224920 CEST	53	52190	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:35.725907087 CEST	50051	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:36:35.726489067 CEST	56567	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:36:36.082214117 CEST	53	50051	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:36.082237005 CEST	53	56567	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:38.111892939 CEST	62069	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:36:38.112622023 CEST	54429	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:36:38.265711069 CEST	53	62069	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:38.266072035 CEST	53	54429	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:39.331203938 CEST	53596	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:36:39.331608057 CEST	61729	53	192.168.2.4	1.1.1.1
Apr 24, 2024 15:36:39.485284090 CEST	53	53596	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:39.485476971 CEST	53	61729	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:40.006417990 CEST	53	54697	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:53.459676981 CEST	53	62165	1.1.1.1	192.168.2.4
Apr 24, 2024 15:36:57.742539883 CEST	138	138	192.168.2.4	192.168.2.255
Apr 24, 2024 15:37:12.552583933 CEST	53	58285	1.1.1.1	192.168.2.4
Apr 24, 2024 15:37:33.946238995 CEST	53	49642	1.1.1.1	192.168.2.4
Apr 24, 2024 15:37:35.632985115 CEST	53	60945	1.1.1.1	192.168.2.4
Apr 24, 2024 15:38:01.569550037 CEST	53	51419	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 15:36:35.725907087 CEST	192.168.2.4	1.1.1.1	0x958e	Standard query (0)	hkgroup.com.pk	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:35.726489067 CEST	192.168.2.4	1.1.1.1	0x866f	Standard query (0)	hkgroup.com.pk	65	IN (0x0001)	false
Apr 24, 2024 15:36:38.111892939 CEST	192.168.2.4	1.1.1.1	0xcdeb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:38.112622023 CEST	192.168.2.4	1.1.1.1	0xe00d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 15:36:39.331203938 CEST	192.168.2.4	1.1.1.1	0x67b1	Standard query (0)	hkgroup.com.pk	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:39.331608057 CEST	192.168.2.4	1.1.1.1	0xb876	Standard query (0)	hkgroup.com.pk	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 15:36:36.082214117 CEST	1.1.1.1	192.168.2.4	0x958e	No error (0)	hkgroup.com.pk		64.31.43.186	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:38.265711069 CEST	1.1.1.1	192.168.2.4	0xcdeb	No error (0)	www.google.com		142.250.101.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:38.265711069 CEST	1.1.1.1	192.168.2.4	0xcdeb	No error (0)	www.google.com		142.250.101.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:38.265711069 CEST	1.1.1.1	192.168.2.4	0xcdeb	No error (0)	www.google.com		142.250.101.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:38.265711069 CEST	1.1.1.1	192.168.2.4	0xcdeb	No error (0)	www.google.com		142.250.101.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:38.265711069 CEST	1.1.1.1	192.168.2.4	0xcdeb	No error (0)	www.google.com		142.250.101.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:38.265711069 CEST	1.1.1.1	192.168.2.4	0xcdeb	No error (0)	www.google.com		142.250.101.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:38.266072035 CEST	1.1.1.1	192.168.2.4	0xe00d	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 15:36:39.485284090 CEST	1.1.1.1	192.168.2.4	0x67b1	No error (0)	hkgroup.com.pk		64.31.43.186	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:49.002206087 CEST	1.1.1.1	192.168.2.4	0xef85	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:49.002206087 CEST	1.1.1.1	192.168.2.4	0xef85	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:36:51.355026960 CEST	1.1.1.1	192.168.2.4	0x8ac2	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:36:51.355026960 CEST	1.1.1.1	192.168.2.4	0x8ac2	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:37:04.524899960 CEST	1.1.1.1	192.168.2.4	0xa5e4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:37:04.524899960 CEST	1.1.1.1	192.168.2.4	0xa5e4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:37:27.631217957 CEST	1.1.1.1	192.168.2.4	0xdcf4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:37:27.631217957 CEST	1.1.1.1	192.168.2.4	0xdcf4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 15:37:46.986711025 CEST	1.1.1.1	192.168.2.4	0xcc6d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 15:37:46.986711025 CEST	1.1.1.1	192.168.2.4	0xcc6d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

hkgroup.com.pk

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:36 UTC	701	OUT	GET /msul3o/?login=melissa.meng%40safrangroup.com HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:36:37 UTC	522	IN	HTTP/1.1 200 OK Connection: close set-cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache content-type: text/html; charset=UTF-8 transfer-encoding: chunked date: Wed, 24 Apr 2024 13:36:36 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:37 UTC	846	IN	Data Raw: 31 30 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 6d 61 69 6e 2d 61 70 70 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 Data Ascii: 10000<!DOCTYPE html><html lang="en" class="main-app"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <me
2024-04-24 13:36:37 UTC	14994	IN	Data Raw: 61 6e 74 7d 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 7d 2e 6d 61 69 6e 2d 61 70 70 20 62 6f 64 79 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 66 6c 65 78 2d 72 6f 77 2d 63 65 6e 74 65 72 65 64 7b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 6f 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 Data Ascii: ant}}body{margin:0}.main-app body{overflow:hidden}.flex-row-centered{display:-webkit-box;display:-moz-box;display:-webkit-flex;display:-ms-flexbox;display:box;display:flex;-webkit-box-align:center;-moz-box-align:center;-o-box-align:center;-ms-flex-align:c
2024-04-24 13:36:37 UTC	16384	IN	Data Raw: 69 6e 67 3a 2e 32 65 6d 20 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 2e 31 65 6d 7d 2e 6d 75 74 61 62 6c 65 20 2e 72 6f 77 20 2e 72 6f 77 2d 63 65 6c 6c 20 2e 63 6f 6c 6f 72 2d 6c 61 62 65 6c 73 20 2e 72 65 64 2d 64 61 72 6b 65 72 2c 2e 6d 75 74 61 62 6c 65 2d 63 6f 6c 6c 65 63 74 69 6f 6e 2d 74 6f 6f 6c 74 69 70 20 2e 63 6f 6c 6c 65 63 74 69 6f 6e 2d 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 63 6f 6c 6f 72 2d 6c 61 62 65 6c 73 20 2e 72 65 64 2d 64 61 72 6b 65 72 2c 2e 6d 75 74 61 62 6c 65 2d 63 6f 6c 75 6d 6e 2d 73 65 74 74 69 6e 67 73 20 2e 66 69 6c 74 65 72 2d 73 75 67 67 65 73 74 69 6f 6e 2d 76 61 6c 75 65 20 2e 63 6f 6c 6f 72 2d 6c 61 62 65 6c 73 20 2e 72 65 64 2d 64 61 72 6b 65 72 2c 74 64 20 2e 63 6f 6c 6f 72 2d 6c 61 62 65 6c 73 20 2e 72 65 64 2d 64 Data Ascii: ing:.2em .4em;margin:.1em}.mutable .row .row-cell .color-labels .red-darker,.mutable-collection-tooltip .collection-entry-content .color-labels .red-darker,.mutable-column-settings .filter-suggestion-value .color-labels .red-darker,td .color-labels .red-d
2024-04-24 13:36:37 UTC	16384	IN	Data Raw: 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 74 6e 74 2d 67 63 70 2d 6f 2d 6e 6f 2d 62 6f 72 64 65 72 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 74 6e 74 2d 67 63 70 2d 6f 2d 6e 6f 2d 62 6f 72 64 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 37 32 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 74 6e 74 2d 67 63 70 2d 6f 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 74 6e 74 2d 67 63 70 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 37 33 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 74 6e 74 2d 67 Data Ascii: :none}f-icon.ftnt-gcp-o-no-border:before,svg.f-icon.ftnt-gcp-o-no-border:before{content:'\EA72';opacity:1;-ms-filter:none;filter:none}f-icon.ftnt-gcp-o:before,svg.f-icon.ftnt-gcp-o:before{content:'\EA73';opacity:1;-ms-filter:none;filter:none}f-icon.ftnt-g
2024-04-24 13:36:37 UTC	16384	IN	Data Raw: 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 61 6e 67 6c 65 2d 64 6f 75 62 6c 65 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 61 6e 67 6c 65 2d 64 6f 75 62 6c 65 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 31 34 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 61 6e 67 6c 65 2d 64 6f 75 62 6c 65 2d 75 70 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 61 6e 67 6c 65 2d 64 6f 75 62 6c 65 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 31 35 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 Data Ascii: filter:none;filter:none}f-icon.fa-angle-double-right:before,svg.f-icon.fa-angle-double-right:before{content:'\EA14';opacity:1;-ms-filter:none;filter:none}f-icon.fa-angle-double-up:before,svg.f-icon.fa-angle-double-up:before{content:'\EA15';opacity:1;-ms-f
2024-04-24 13:36:37 UTC	553	IN	Data Raw: 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d 6d 65 6e 74 2d 6f 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d 6d 65 6e 74 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 41 34 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d 6d 65 6e 74 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d 6d 65 6e 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 41 35 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d Data Ascii: lter:none;filter:none}f-icon.fa-comment-o:before,svg.f-icon.fa-comment-o:before{content:'\EAA4';opacity:1;-ms-filter:none;filter:none}f-icon.fa-comment:before,svg.f-icon.fa-comment:before{content:'\EAA5';opacity:1;-ms-filter:none;filter:none}f-icon.fa-com
2024-04-24 13:36:37 UTC	1368	IN	Data Raw: 31 30 30 30 30 0d 0a 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d 6d 65 6e 74 73 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d 6d 65 6e 74 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 41 39 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d 70 61 73 73 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 63 6f 6d 70 61 73 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 41 41 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 Data Ascii: 10000pacity:1;-ms-filter:none;filter:none}f-icon.fa-comments:before,svg.f-icon.fa-comments:before{content:'\EAA9';opacity:1;-ms-filter:none;filter:none}f-icon.fa-compass:before,svg.f-icon.fa-compass:before{content:'\EAAA';opacity:1;-ms-filter:none;filte
2024-04-24 13:36:37 UTC	14994	IN	Data Raw: 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 63 75 62 65 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 63 75 62 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 42 35 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 63 75 62 65 73 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 63 75 62 65 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 41 42 36 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 63 75 74 3a 62 65 66 6f 72 65 2c Data Ascii: -ms-filter:none;filter:none}f-icon.fa-cube:before,svg.f-icon.fa-cube:before{content:'\EAB5';opacity:1;-ms-filter:none;filter:none}f-icon.fa-cubes:before,svg.f-icon.fa-cubes:before{content:'\EAB6';opacity:1;-ms-filter:none;filter:none}f-icon.fa-cut:before,
2024-04-24 13:36:37 UTC	16384	IN	Data Raw: 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 68 61 6e 64 2d 70 65 61 63 65 2d 6f 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 68 61 6e 64 2d 70 65 61 63 65 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 42 33 42 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 68 61 6e 64 2d 70 6f 69 6e 74 65 72 2d 6f 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 68 61 6e 64 2d 70 6f 69 6e 74 65 72 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 42 33 43 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 68 Data Ascii: one}f-icon.fa-hand-peace-o:before,svg.f-icon.fa-hand-peace-o:before{content:'\EB3B';opacity:1;-ms-filter:none;filter:none}f-icon.fa-hand-pointer-o:before,svg.f-icon.fa-hand-pointer-o:before{content:'\EB3C';opacity:1;-ms-filter:none;filter:none}f-icon.fa-h
2024-04-24 13:36:37 UTC	16384	IN	Data Raw: 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 70 6c 75 73 2d 73 71 75 61 72 65 2d 6f 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 70 6c 75 73 2d 73 71 75 61 72 65 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 42 43 45 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 70 6c 75 73 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 2c 73 76 67 2e 66 2d 69 63 6f 6e 2e 66 61 2d 70 6c 75 73 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 45 42 43 46 27 3b 6f 70 61 63 69 74 79 3a 31 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 66 69 6c 74 65 72 3a 6e 6f 6e 65 7d 66 2d 69 63 6f 6e 2e 66 61 2d 70 6c 75 Data Ascii: :none}f-icon.fa-plus-square-o:before,svg.f-icon.fa-plus-square-o:before{content:'\EBCE';opacity:1;-ms-filter:none;filter:none}f-icon.fa-plus-square:before,svg.f-icon.fa-plus-square:before{content:'\EBCF';opacity:1;-ms-filter:none;filter:none}f-icon.fa-plu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:38 UTC	686	OUT	GET /msul3o/header.png HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:39 UTC	466	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Wed, 01 May 2024 13:36:38 GMT content-type: image/png last-modified: Tue, 23 Apr 2024 18:19:07 GMT accept-ranges: bytes content-length: 5395 date: Wed, 24 Apr 2024 13:36:38 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:39 UTC	902	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a9 00 00 00 45 08 06 00 00 00 69 3f 7f 17 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 67 6e 6f 6d 65 2d 73 63 72 65 65 6e 73 68 6f 74 ef 03 bf 3e 00 00 00 30 69 54 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 00 00 00 00 d0 90 d1 9e d1 82 20 32 33 20 d0 ba d1 80 d0 b0 20 32 30 32 34 20 31 39 3a 30 34 3a 34 30 0e 4e b3 13 00 00 14 69 49 44 41 54 78 9c ed dd 7d 74 d3 f5 bd 07 f0 77 93 34 49 d3 b4 49 68 48 5b a0 29 a5 8f 3c b4 05 84 a1 d2 21 0f a3 f7 aa 20 7a 71 0c f5 0e 64 3e ec 6e 97 ed ee a8 9c 31 3d ee 6c de e9 d9 39 9c ed ce c9 d9 dc ee 76 11 af e8 e6 ec 3c 77 43 d9 8a 76 ea 50 14 67 b1 50 44 20 a5 b4 50 9a 3e d0 a6 69 9a 26 69 d2 de 3f d2 Data Ascii: PNGIHDREi?sBIT\|dtEXtSoftwaregnome-screenshot>0iTXtCreation Time 23 2024 19:04:40NiIDATx}tw4IIhH[)<! zqd>n1=l9v<wCvPgPD P>i&i?
2024-04-24 13:36:39 UTC	4493	IN	Data Raw: 2c 0e 57 52 03 d4 50 7a ad 23 f8 dd e9 6e 9c ed 99 18 97 6d c4 95 c4 11 11 11 11 11 51 b4 e2 0e 52 87 7d 02 3e 99 24 75 ab 91 e4 92 89 22 ab 61 ce a4 12 11 11 11 cd 08 71 07 a9 76 d7 44 c0 27 13 c7 7d 9b 29 27 4f 9f 18 9b 9d 41 2a 11 11 11 d1 8c 20 c8 72 bf 6f 20 98 6a 7c 03 68 e6 a4 12 11 11 11 cd 0c 71 17 4e 0d fb b4 72 52 a4 c7 bf 05 6a 86 44 84 ef dc 58 80 87 6a 0a 82 b6 52 75 b8 c6 d0 70 b1 1f 7b ff da 82 b3 3d f1 ed 16 25 f7 49 45 18 66 4e 2a 11 11 11 d1 8c 90 50 75 bf 2f b1 28 0d ae d1 d8 5a 3c 2d cb cf c2 2b 77 2d c6 bc 30 5b aa 4a c5 69 f8 e7 d2 59 b8 51 af c2 3f 3d d7 84 c6 ab 83 31 8f 53 26 f1 9d 49 65 0b 2a 22 22 22 a2 99 20 fe e5 fe 80 a6 f8 72 49 6c b7 92 8a d3 50 77 f7 44 80 ea 1a 1d c3 47 1d 83 78 e7 92 09 ef 5c 32 e1 a3 8e 41 6f d0 9b 2d Data Ascii: ,WRPz#nmQR}>$u"aqvD'})'OA* ro j\|hqNrRjDXjRup{=%IEfNPu/(Z<-+w-0[JiYQ?=1S&Ie""" rIlPwDGx\2Ao-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:39 UTC	683	OUT	GET /msul3o/frt.png HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:39 UTC	467	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Wed, 01 May 2024 13:36:39 GMT content-type: image/png last-modified: Tue, 23 Apr 2024 18:19:05 GMT accept-ranges: bytes content-length: 11424 date: Wed, 24 Apr 2024 13:36:39 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:39 UTC	901	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d4 00 00 00 dd 08 06 00 00 00 c3 d1 5c d0 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 67 6e 6f 6d 65 2d 73 63 72 65 65 6e 73 68 6f 74 ef 03 bf 3e 00 00 00 30 69 54 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 00 00 00 00 d0 90 d1 9e d1 82 20 32 33 20 d0 ba d1 80 d0 b0 20 32 30 32 34 20 31 38 3a 35 33 3a 33 39 cb 93 21 0d 00 00 20 00 49 44 41 54 78 9c ed 9d 79 78 53 55 fa c7 bf 59 9a b4 69 d2 7d 5f e8 42 5b ba 40 5b 4a d9 ca 56 14 14 45 64 d3 11 c1 85 45 41 d4 51 54 74 46 1d 15 fd e9 8c 3a a3 e2 e8 20 02 0a a3 0e 6e c8 a2 80 20 6b d9 a1 b4 14 28 6d e9 5e 4a 17 da b4 49 9b 36 fb f2 fb 23 b4 b4 a5 cb 4d 72 93 dc a4 e7 f3 3c 3e 08 dc e5 24 f4 7b Data Ascii: PNGIHDR\sBIT\|dtEXtSoftwaregnome-screenshot>0iTXtCreation Time 23 2024 18:53:39! IDATxyxSUYi}_B[@[JVEdEAQTtF: n k(m^JI6#Mr<>${
2024-04-24 13:36:39 UTC	10523	IN	Data Raw: d2 38 f3 6d 3c 57 83 d5 7b 4b f1 e4 e8 10 6c 98 17 6f 93 71 5a 02 11 94 03 f3 f5 f9 3a ac dc 59 84 c9 51 5e 38 b0 6c 24 46 86 88 00 00 7c 0e 0b 65 4d 0a 0c f3 17 e0 db 87 12 11 28 e4 81 cf 35 2e df 84 3c 0e 84 3c e6 2c a7 d8 2c 20 c2 cb b8 24 f4 15 b8 40 fc c6 64 14 8b e5 88 f5 73 03 80 ce 80 86 eb cd f1 2b 34 7a 7c 77 a1 1e f7 27 fa 21 50 c8 b3 cf a0 fb 81 2c f9 1c 88 35 07 2b f0 4b 7e 03 5e 9e 1c 81 c7 d2 82 70 ae ba 15 63 d7 9d 87 8f 1b 17 8d 6f 4c 06 9b 65 7c 4f 89 f3 13 80 c5 1a f8 7a 8e c2 d5 46 39 58 2c 20 ce 4f 80 4f 4f 56 63 d5 ee 12 04 09 79 b8 fe ea 04 70 d8 cc fa a0 24 ca c7 60 f6 14 35 e1 91 1f af a0 5e a6 06 00 d4 b4 aa 90 7f a3 1d 3f 5f be 01 00 18 1d e6 81 0d 73 e3 51 fa 72 46 67 c0 60 98 bf 73 89 09 30 7e a6 38 3f 01 00 a0 b4 49 01 00 78 Data Ascii: 8m<W{KloqZ:YQ^8l$F\|eM(5.<<,, $@ds+4z\|w'!P,5+K~^pcoLe\|OzF9X, OOOVcyp$`5^?_sQrFg`s0~8?Ix

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:39 UTC	662	OUT	GET /sslvpn/js/login.js?q=e90a8f3ceec57386af119bfb1620ac2e HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:39 UTC	416	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Wed, 24 Apr 2024 13:36:39 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:39 UTC	952	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-04-24 13:36:39 UTC	299	IN	Data Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20 Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:39 UTC	632	OUT	GET /remote/fgt_lang?lang=en HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:39 UTC	416	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Wed, 24 Apr 2024 13:36:39 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:39 UTC	952	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-04-24 13:36:39 UTC	299	IN	Data Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20 Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49740	23.3.84.131	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:39 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 13:36:39 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=235586 Date: Wed, 24 Apr 2024 13:36:39 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:39 UTC	661	OUT	GET /msul3o/lato-regular.woff2 HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://hkgroup.com.pk sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:40 UTC	468	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Wed, 01 May 2024 13:36:39 GMT content-type: font/woff2 last-modified: Tue, 23 Apr 2024 18:19:01 GMT accept-ranges: bytes content-length: 27892 date: Wed, 24 Apr 2024 13:36:39 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:40 UTC	900	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 6c f4 00 11 00 00 00 01 61 20 00 00 6c 92 00 01 1a a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b a7 60 1c 70 06 60 00 81 64 08 2e 09 8d 65 11 0c 0a 83 a6 54 83 8a 03 01 36 02 24 03 87 4e 13 81 ca 10 0b 83 70 00 04 20 05 82 78 07 85 65 0c 4b 5b b5 4f b1 98 f8 df dc 3b bf 83 82 36 17 35 07 0d 41 6e 23 80 47 bd 39 23 7a 22 cf 03 ca b6 5d a9 20 9d 37 c9 79 b2 15 8d b6 62 ba b9 13 e4 6e 55 c0 4b c4 b0 d9 ff ff ff ff ff ff ff ff ff ff ff ff ff ff dd 24 27 d2 30 92 16 6a 37 53 7b 99 9a 91 27 c8 49 59 c9 4b 28 29 55 d9 d4 d0 f5 a0 a0 17 7d 05 d9 94 7e 33 30 d0 8b 2a d3 4c 75 12 06 dd a1 61 8c 38 29 c5 92 50 92 db bc 3c 8a 31 8c db 31 4d 40 36 5b 59 f9 03 28 c8 c8 de 64 9c 32 d2 9c a9 dc e3 f6 c8 2d 1a a8 ee 74 b4 Data Ascii: wOF2la l`p`d.eT6$Np xeK[O;65An#G9#z"] 7ybnUK$'0j7S{'IYK()U}~30*Lua8)P<11M@6[Y(d2-t
2024-04-24 13:36:40 UTC	14994	IN	Data Raw: 66 86 12 94 f9 ef 0f 10 00 05 f0 1f 39 53 3a 4b eb 6e 5f 2f f2 5a b0 02 32 20 4a b2 65 84 03 52 18 da 14 ed 4d 9a 26 d3 bb 4c 51 e5 ab 36 f0 ff cd d7 8c 45 67 67 b6 b8 cc 1b 57 3b e0 94 70 42 ca d5 aa fb 38 f2 95 ba 82 ae 3a 68 ed 7f 53 07 49 36 57 c1 56 3f 96 ff 86 d9 f6 52 56 4b dd c0 bb 40 0c 6d c5 00 b1 b5 7b 71 de a4 72 69 ea c0 c6 d8 18 d7 94 54 cc 51 49 b2 93 02 0d 52 d7 69 16 88 0f 5f f7 c2 b8 d1 e9 1c b6 25 0b f2 d6 df 99 3f 18 6a cb a1 ce 4a a6 24 3b 8a 03 45 77 ff df 01 17 cd dd 57 44 32 24 de db 10 f8 09 ec 4c 23 b5 56 1b f0 c6 4b 90 63 a8 1e 31 d0 80 00 08 06 a1 61 5b ff cd 10 82 21 34 01 8a 5c d4 79 fd cb fc 35 19 96 0a 9a e4 a0 c6 78 e7 8c eb d1 b5 82 d7 4e 82 87 ff c3 7d 63 d2 58 40 63 1f 6f 83 24 92 66 b7 c9 6d cd 9e 45 1e 68 a0 f5 c7 fd Data Ascii: f9S:Kn_/Z2 JeRM&LQ6EggW;pB8:hSI6WV?RVK@m{qriTQIRi_%?jJ$;EwWD2$L#VKc1a[!4\y5xN}cX@co$fmEh
2024-04-24 13:36:40 UTC	11998	IN	Data Raw: cb 09 67 fa f7 70 ae 3b f6 c7 dd 3c 78 81 65 e4 8e 0b 3a cf c0 85 bf 2c d0 71 9b 42 c4 e5 40 a6 de 9a a5 e7 38 1d 21 ed d3 c3 6b 37 37 d0 43 37 dd ec 82 22 29 c5 c6 f4 39 ea a7 19 bd e3 21 39 b6 8c 22 9e c5 71 15 29 45 61 ed ae 43 a2 5f 88 f4 d7 79 bd 74 ac f6 69 bb 59 2d da 3a 89 2c c3 41 c9 c6 67 51 86 83 c6 21 95 a6 9d 7a bc 4c 9a 49 c3 57 7a 7e f9 34 65 4d 92 b9 66 17 0b a7 6b 74 b7 c8 3a 0d 22 85 8a 72 dd 4a d5 25 a5 df be bd 75 22 5c 05 53 6d 10 ad 59 d2 7e 59 07 b1 9d c2 0e 84 5c b6 0f e4 b6 36 73 3b 68 b7 da f3 ed d2 3d 4b 39 d5 94 45 8f ae 1f 98 44 1c a0 1c 5b ab ab f5 b3 42 24 bf 4c 4a eb 59 5f 97 b6 d9 9a cf f2 5f 48 0e 7e ba e3 0f 24 fb 95 98 fe 3d cf 75 29 9f dd 77 64 3e b6 f6 03 33 48 19 00 11 b7 70 0f 51 82 08 51 f3 55 ef f4 d8 81 b4 ba 68 Data Ascii: gp;<xe:,qB@8!k77C7")9!9"q)EaC_ytiY-:,AgQ!zLIWz~4eMfkt:"rJ%u"\SmY~Y\6s;h=K9ED[B$LJY__H~$=u)wd>3HpQQUh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49746	23.3.84.131	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:39 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 13:36:40 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=235572 Date: Wed, 24 Apr 2024 13:36:40 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 13:36:40 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:39 UTC	407	OUT	GET /msul3o/header.png HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:40 UTC	466	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Wed, 01 May 2024 13:36:40 GMT content-type: image/png last-modified: Tue, 23 Apr 2024 18:19:07 GMT accept-ranges: bytes content-length: 5395 date: Wed, 24 Apr 2024 13:36:40 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:40 UTC	902	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a9 00 00 00 45 08 06 00 00 00 69 3f 7f 17 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 67 6e 6f 6d 65 2d 73 63 72 65 65 6e 73 68 6f 74 ef 03 bf 3e 00 00 00 30 69 54 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 00 00 00 00 d0 90 d1 9e d1 82 20 32 33 20 d0 ba d1 80 d0 b0 20 32 30 32 34 20 31 39 3a 30 34 3a 34 30 0e 4e b3 13 00 00 14 69 49 44 41 54 78 9c ed dd 7d 74 d3 f5 bd 07 f0 77 93 34 49 d3 b4 49 68 48 5b a0 29 a5 8f 3c b4 05 84 a1 d2 21 0f a3 f7 aa 20 7a 71 0c f5 0e 64 3e ec 6e 97 ed ee a8 9c 31 3d ee 6c de e9 d9 39 9c ed ce c9 d9 dc ee 76 11 af e8 e6 ec 3c 77 43 d9 8a 76 ea 50 14 67 b1 50 44 20 a5 b4 50 9a 3e d0 a6 69 9a 26 69 d2 de 3f d2 Data Ascii: PNGIHDREi?sBIT\|dtEXtSoftwaregnome-screenshot>0iTXtCreation Time 23 2024 19:04:40NiIDATx}tw4IIhH[)<! zqd>n1=l9v<wCvPgPD P>i&i?
2024-04-24 13:36:40 UTC	4493	IN	Data Raw: 2c 0e 57 52 03 d4 50 7a ad 23 f8 dd e9 6e 9c ed 99 18 97 6d c4 95 c4 11 11 11 11 11 51 b4 e2 0e 52 87 7d 02 3e 99 24 75 ab 91 e4 92 89 22 ab 61 ce a4 12 11 11 11 cd 08 71 07 a9 76 d7 44 c0 27 13 c7 7d 9b 29 27 4f 9f 18 9b 9d 41 2a 11 11 11 d1 8c 20 c8 72 bf 6f 20 98 6a 7c 03 68 e6 a4 12 11 11 11 cd 0c 71 17 4e 0d fb b4 72 52 a4 c7 bf 05 6a 86 44 84 ef dc 58 80 87 6a 0a 82 b6 52 75 b8 c6 d0 70 b1 1f 7b ff da 82 b3 3d f1 ed 16 25 f7 49 45 18 66 4e 2a 11 11 11 d1 8c 90 50 75 bf 2f b1 28 0d ae d1 d8 5a 3c 2d cb cf c2 2b 77 2d c6 bc 30 5b aa 4a c5 69 f8 e7 d2 59 b8 51 af c2 3f 3d d7 84 c6 ab 83 31 8f 53 26 f1 9d 49 65 0b 2a 22 22 22 a2 99 20 fe e5 fe 80 a6 f8 72 49 6c b7 92 8a d3 50 77 f7 44 80 ea 1a 1d c3 47 1d 83 78 e7 92 09 ef 5c 32 e1 a3 8e 41 6f d0 9b 2d Data Ascii: ,WRPz#nmQR}>$u"aqvD'})'OA* ro j\|hqNrRjDXjRup{=%IEfNPu/(Z<-+w-0[JiYQ?=1S&Ie""" rIlPwDGx\2Ao-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49747	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:40 UTC	404	OUT	GET /msul3o/frt.png HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:40 UTC	467	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Wed, 01 May 2024 13:36:40 GMT content-type: image/png last-modified: Tue, 23 Apr 2024 18:19:05 GMT accept-ranges: bytes content-length: 11424 date: Wed, 24 Apr 2024 13:36:40 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:40 UTC	901	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 d4 00 00 00 dd 08 06 00 00 00 c3 d1 5c d0 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 67 6e 6f 6d 65 2d 73 63 72 65 65 6e 73 68 6f 74 ef 03 bf 3e 00 00 00 30 69 54 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 00 00 00 00 d0 90 d1 9e d1 82 20 32 33 20 d0 ba d1 80 d0 b0 20 32 30 32 34 20 31 38 3a 35 33 3a 33 39 cb 93 21 0d 00 00 20 00 49 44 41 54 78 9c ed 9d 79 78 53 55 fa c7 bf 59 9a b4 69 d2 7d 5f e8 42 5b ba 40 5b 4a d9 ca 56 14 14 45 64 d3 11 c1 85 45 41 d4 51 54 74 46 1d 15 fd e9 8c 3a a3 e2 e8 20 02 0a a3 0e 6e c8 a2 80 20 6b d9 a1 b4 14 28 6d e9 5e 4a 17 da b4 49 9b 36 fb f2 fb 23 b4 b4 a5 cb 4d 72 93 dc a4 e7 f3 3c 3e 08 dc e5 24 f4 7b Data Ascii: PNGIHDR\sBIT\|dtEXtSoftwaregnome-screenshot>0iTXtCreation Time 23 2024 18:53:39! IDATxyxSUYi}_B[@[JVEdEAQTtF: n k(m^JI6#Mr<>${
2024-04-24 13:36:40 UTC	10523	IN	Data Raw: d2 38 f3 6d 3c 57 83 d5 7b 4b f1 e4 e8 10 6c 98 17 6f 93 71 5a 02 11 94 03 f3 f5 f9 3a ac dc 59 84 c9 51 5e 38 b0 6c 24 46 86 88 00 00 7c 0e 0b 65 4d 0a 0c f3 17 e0 db 87 12 11 28 e4 81 cf 35 2e df 84 3c 0e 84 3c e6 2c a7 d8 2c 20 c2 cb b8 24 f4 15 b8 40 fc c6 64 14 8b e5 88 f5 73 03 80 ce 80 86 eb cd f1 2b 34 7a 7c 77 a1 1e f7 27 fa 21 50 c8 b3 cf a0 fb 81 2c f9 1c 88 35 07 2b f0 4b 7e 03 5e 9e 1c 81 c7 d2 82 70 ae ba 15 63 d7 9d 87 8f 1b 17 8d 6f 4c 06 9b 65 7c 4f 89 f3 13 80 c5 1a f8 7a 8e c2 d5 46 39 58 2c 20 ce 4f 80 4f 4f 56 63 d5 ee 12 04 09 79 b8 fe ea 04 70 d8 cc fa a0 24 ca c7 60 f6 14 35 e1 91 1f af a0 5e a6 06 00 d4 b4 aa 90 7f a3 1d 3f 5f be 01 00 18 1d e6 81 0d 73 e3 51 fa 72 46 67 c0 60 98 bf 73 89 09 30 7e a6 38 3f 01 00 a0 b4 49 01 00 78 Data Ascii: 8m<W{KloqZ:YQ^8l$F\|eM(5.<<,, $@ds+4z\|w'!P,5+K~^pcoLe\|OzF9X, OOOVcyp$`5^?_sQrFg`s0~8?Ix

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49749	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:40 UTC	684	OUT	GET /msul3o/icon.png HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:41 UTC	465	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Wed, 01 May 2024 13:36:41 GMT content-type: image/png last-modified: Tue, 23 Apr 2024 18:19:02 GMT accept-ranges: bytes content-length: 639 date: Wed, 24 Apr 2024 13:36:41 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:41 UTC	639	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 03 00 00 00 44 a4 8a c6 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 87 50 4c 54 45 4c 69 71 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 2f 1f d5 33 23 f5 f6 f6 f6 f9 fa e7 9c 95 f3 eb ea d6 36 27 ec bb b7 f6 f8 f8 dc 5b 4f d8 42 34 ef ce cb f6 fb fb d9 4d 40 d5 31 21 f2 e4 e2 d9 4c 3e e3 84 7b d6 3c 2c f1 e1 df e0 71 67 de 68 5e e2 7e 75 f0 d6 d4 ec bd b9 e4 8f 88 d6 3a 2c e9 ac a7 ec bc b8 db 56 4a dc 5c 4f f4 ee ee ea e2 1e e1 00 00 00 0c 74 52 4e 53 00 6a 88 a7 f9 1c d9 0d bb f0 a2 56 d4 88 90 a6 00 00 01 1b 49 44 41 54 38 cb 8d 53 e9 d2 83 20 0c 44 6b 45 5b 10 Data Ascii: PNGIHDR DgAMAasRGBPLTELiq2"2"2"2"2"2"2"2"2"2"2"2"/3#6'[OB4M@1!L>{<,qgh^~u:,VJ\OtRNSjVIDAT8S DkE[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49750	64.31.43.186	443	5052	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:36:42 UTC	405	OUT	GET /msul3o/icon.png HTTP/1.1 Host: hkgroup.com.pk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ab863fc5c76aee3711ece59a60c9ce7d
2024-04-24 13:36:42 UTC	465	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Wed, 01 May 2024 13:36:42 GMT content-type: image/png last-modified: Tue, 23 Apr 2024 18:19:02 GMT accept-ranges: bytes content-length: 639 date: Wed, 24 Apr 2024 13:36:42 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 13:36:42 UTC	639	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 03 00 00 00 44 a4 8a c6 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 87 50 4c 54 45 4c 69 71 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 32 22 d5 2f 1f d5 33 23 f5 f6 f6 f6 f9 fa e7 9c 95 f3 eb ea d6 36 27 ec bb b7 f6 f8 f8 dc 5b 4f d8 42 34 ef ce cb f6 fb fb d9 4d 40 d5 31 21 f2 e4 e2 d9 4c 3e e3 84 7b d6 3c 2c f1 e1 df e0 71 67 de 68 5e e2 7e 75 f0 d6 d4 ec bd b9 e4 8f 88 d6 3a 2c e9 ac a7 ec bc b8 db 56 4a dc 5c 4f f4 ee ee ea e2 1e e1 00 00 00 0c 74 52 4e 53 00 6a 88 a7 f9 1c d9 0d bb f0 a2 56 d4 88 90 a6 00 00 01 1b 49 44 41 54 38 cb 8d 53 e9 d2 83 20 0c 44 6b 45 5b 10 Data Ascii: PNGIHDR DgAMAasRGBPLTELiq2"2"2"2"2"2"2"2"2"2"2"2"/3#6'[OB4M@1!L>{<,qgh^~u:,VJ\OtRNSjVIDAT8S DkE[

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5552, Parent PID: 3720

General

Target ID:	0
Start time:	15:36:29
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5052, Parent PID: 5552

General

Target ID:	2
Start time:	15:36:32
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2212,i,7302645180456654908,8517556159455942905,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6392, Parent PID: 3720

General

Target ID:	3
Start time:	15:36:34
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5552, Parent PID: 3720

General

Chronological Activities

Analysis Process: chrome.exePID: 5052, Parent PID: 5552

General

Chronological Activities

Analysis Process: chrome.exePID: 6392, Parent PID: 3720

General

Windows Analysis Report
https://hkgroup.com.pk/msul3o/?login=melissa.meng%40safrangroup.com