Edit tour

Windows Analysis Report
https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QG

Overview

General Information

Sample URL:	https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpR
Analysis ID:	1544795
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1912,i,17293050707104362883,3219657520128468775,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com

Sample URL: PII: https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com

Source: https://lx-virgo-star-mail.qiye.163.com/unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.com	HTTP Parser: No favicon
Source: https://lx-virgo-star-mail.qiye.163.com/unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.com	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49725 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49722 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49725 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com HTTP/1.1Host: lx-cancer-star-mail.qiye.163.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.com HTTP/1.1Host: lx-virgo-star-mail.qiye.163.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: lx-virgo-star-mail.qiye.163.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lx-virgo-star-mail.qiye.163.com/unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /api/pub/edm/unsubscribe?sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA HTTP/1.1Host: lx-virgo-star-mail.qiye.163.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://lx-virgo-star-mail.qiye.163.com/unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/pub/edm/unsubscribe?sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA HTTP/1.1Host: lx-virgo-star-mail.qiye.163.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: lx-cancer-star-mail.qiye.163.com
Source: global traffic	DNS traffic detected: DNS query: lx-virgo-star-mail.qiye.163.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 29 Oct 2024 17:52:57 GMTContent-Length: 0Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49722 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/8@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1912,i,17293050707104362883,3219657520128468775,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1912,i,17293050707104362883,3219657520128468775,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.185.100	true	false	unknown
lx-virgo-star-mail.qiye.163.com	8.210.226.45	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
lx-cancer-star-mail.qiye.163.com	8.218.107.249	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com	false	unknown
https://lx-virgo-star-mail.qiye.163.com/api/pub/edm/unsubscribe?sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA	false	unknown
https://lx-virgo-star-mail.qiye.163.com/unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.com	false	unknown
https://lx-virgo-star-mail.qiye.163.com/favicon.ico	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
8.210.226.45	lx-virgo-star-mail.qiye.163.com	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
8.218.107.249	lx-cancer-star-mail.qiye.163.com	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.9

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544795
Start date and time:	2024-10-29 18:51:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/8@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.186.142, 142.250.110.84, 34.104.35.123, 142.250.185.202, 142.250.186.106, 142.250.185.74, 142.250.184.234, 142.250.181.234, 216.58.206.74, 142.250.185.106, 142.250.185.170, 216.58.206.42, 142.250.185.138, 172.217.18.106, 142.250.185.234, 142.250.186.42, 172.217.16.202, 172.217.23.106, 142.250.186.170, 52.149.20.212, 192.229.221.95, 13.95.31.18, 20.3.187.198, 172.202.163.200, 142.250.186.67, 4.245.163.56
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:52:51 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9816429014814294
Encrypted:	false
SSDEEP:	48:8JdmTASPH8NidAKZdA1P4ehwiZUklqehyy+3:868SUHOhy
MD5:	29E891E59D56A00DFF017CA355045BEA
SHA1:	35A0B808351DD439704AE7F196D0B8D475B02062
SHA-256:	C300C4F2A44A928D556D76BF401B954192B7E58887245ED0C971EAF2459BB980
SHA-512:	D63E01344ACF675C3C4015F0DC0E2EA973DEFD492043419E7F27C1BA2F0F5015BF28A8451FDB16544EA007CE925A3DE0369A746A39F9226DE619A8E0231CEC21
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....:;._+....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I]Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V]Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V]Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V]Y.............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6.#r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:52:51 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9998567780638083
Encrypted:	false
SSDEEP:	48:8wdmTASPH8NidAKZdA1+4eh/iZUkAQkqehRy+2:8B8SUWF9QMy
MD5:	709590A613190E3581762620ED39FE36
SHA1:	F40E09960A2DC2A13CB01632B266502D89A9BA50
SHA-256:	F65C01325FBA474BE578002A2A003ED592784E0705A9787AF6A3E898B0CBEF36
SHA-512:	298DD3F964ECC8611F76C513592646BCE59D93DEBA1FB4404A148618E6C9541E24BA1B31D16C35F7A237FD7EF0A56EF497477ACB3BD0EB5C534B38302EF794EC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....<._+....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I]Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V]Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V]Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V]Y.............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6.#r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.007813117675333
Encrypted:	false
SSDEEP:	48:8WdmTAVH8NidAKZdA1404eh7sFiZUkmgqeh7szy+BX:838CbIn9y
MD5:	733E2B28C0E9549F3969315CD054FC4E
SHA1:	D3B3ACCDE1F5DEDCAB017D214A91D5C64912C223
SHA-256:	5C234F4955FEE1604C1BBD33D4E512140BB49BE7FDF833A410557E4E298D429A
SHA-512:	61D97C9C050672B07C49E2849B13A1EA473040D7978B317D0EDA725B67FBD319144DFF23AF70298991EF8EA66015F2174CEB330D09E23621E2D704EC5CE3C506
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....<}.i.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I]Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V]Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V]Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEW.F...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6.#r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:52:51 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9967242712941013
Encrypted:	false
SSDEEP:	48:8qdmTASPH8NidAKZdA1p4ehDiZUkwqehVy+R:8z8SUh5ry
MD5:	BFA1EA0C19ED3ECF98304512EF79297E
SHA1:	E567DDB49E443AAE274B1BA7376D15F18046DAC7
SHA-256:	3F03AA5600DCF790A5570F4CF720CCBEEDC3157DA1F7C50C0833CB7639AFB5B5
SHA-512:	4B4490872D77AA98BC9144CAB275664E57228ABD2F856D5D1B2B7C428D44D423F30DFD52AE33D67621090BDD18451EE9F10525D49D04701B68344B467C5DC4C6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....._._+....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I]Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V]Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V]Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V]Y.............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6.#r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:52:51 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.986182100704286
Encrypted:	false
SSDEEP:	48:8pdmTASPH8NidAKZdA1X4ehBiZUk1W1qeh/y+C:8a8SUfb9fy
MD5:	3139C4308625C4470753112D1B3EA3C2
SHA1:	D56403216E632C28DE88B37C769CE30C00C3279E
SHA-256:	B63279406BCC59645DFBF698A6099D753886979DED81A5399B8CDDE3D7744C10
SHA-512:	7CFDD1B1572A53C89B18DDB8939DDBA6AC430B536C167D197551690C072D3CBC0BDE4287234F70862F857FE29E204DA121B4A3449210B8FF226D28D7F1994C8D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....!._+....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I]Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V]Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V]Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V]Y.............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6.#r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:52:51 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.994732605901436
Encrypted:	false
SSDEEP:	48:8KdmTASPH8NidAKZdA1duTc4ehOuTbbiZUk5OjqehOuTb9y+yT+:8T8SUoTcJTbxWOvTb9y7T
MD5:	CE487F8CFC5639681166E20A0910ED47
SHA1:	29683FF3BA8E2165ACE64B9F0F7FB19639A949B5
SHA-256:	898DFDC87B6F60FBBCD45F81CF2AC54780FF09B1C58F23C0D20969203D09975A
SHA-512:	DEB062486E9F0C4284ED30EE2B3C26664586CFA521564D65406DCC0F512A8E1CE72CE91840CD75BA39134D38D960A2C4AE9F3C41E17B4ED71579E79FB872DBA0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......._+....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.I]Y......B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.V]Y......M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.V]Y...............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.V]Y.............................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........6.#r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.625
Encrypted:	false
SSDEEP:	3:HFn:l
MD5:	418FBC40DEEBD999D02A91F3BC9850B9
SHA1:	A04AB7C83CB2CDF175711BF34C27A0C32F801DC2
SHA-256:	E85E233CE28065F9DE8A6429A42B6BFC4752340EDB2F66AF1B79F1B805549771
SHA-512:	74599CE0567379C67882DCC387D869C2F5340D5F814789A65740C378A85949822118A4C8B842241D297087907CF646271DAB0866E3754291F729C3253185986D
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAkla8hGrsR2BRIFDWXnCSY=?alt=proto
Preview:	CgkKBw1l5wkmGgA=

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 18:52:40.359924078 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.446186066 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447093964 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447107077 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447120905 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447165966 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447206974 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447206020 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.447206974 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.447272062 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447283983 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447319984 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.447861910 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.447916031 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.448344946 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.448394060 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.449568987 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.451097012 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.451210022 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.452080965 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.452114105 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.452538967 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.458120108 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.458131075 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.458138943 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.458148956 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.458158970 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.592063904 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.592113018 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.592123032 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.592164993 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.592216969 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.592261076 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.592547894 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.593672037 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.593734026 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.596236944 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.596470118 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.597115040 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.597444057 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.597529888 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.601480961 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.601824999 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.602389097 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.602694035 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.603014946 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.822725058 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.822832108 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.822844982 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.822855949 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.822909117 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.822937965 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.822941065 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.823601961 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.823662043 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.826807976 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.826868057 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.827373981 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.827589989 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.827733040 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.832427979 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.834609985 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.955882072 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.955945015 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.956012011 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.956018925 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.956516027 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.956536055 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.956574917 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.956660032 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.956712961 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.956875086 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.959379911 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.959609032 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.960400105 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.960642099 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.960882902 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:40.964818954 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.964926004 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.965861082 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.965922117 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:40.966145992 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.086153030 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.086173058 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.086256027 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.086627007 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.088553905 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.088599920 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.088608980 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.088655949 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.088702917 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.089406013 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.089999914 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.091056108 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.091234922 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.092063904 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.092466116 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.095477104 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.096339941 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.096472025 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.097367048 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.098185062 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.219822884 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.220623970 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.220700026 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.220923901 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.222218990 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.222307920 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.222367048 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.222714901 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.223305941 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.223541975 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.223609924 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.225091934 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.225642920 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.225719929 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.228022099 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.228661060 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.230607986 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.231235027 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.349349022 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.349878073 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.349968910 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.351506948 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.351778030 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.351820946 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.352760077 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.352780104 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.352829933 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.352855921 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.353002071 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.354011059 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.354855061 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.355282068 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.358114958 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.361376047 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.479492903 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.479521990 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.479598045 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.479711056 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.482172966 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.482188940 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.482239008 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.482357979 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.482430935 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.482533932 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.482577085 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.484806061 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.485608101 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.486038923 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.486474037 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.487627983 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.490097046 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.490957975 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.491544008 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.491808891 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.624911070 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.624984026 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.624994993 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.625051975 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.625386953 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.625437975 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.625906944 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.626506090 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.626565933 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.630682945 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.630743980 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.631794930 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.632492065 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.634073973 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.637991905 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.640639067 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.672446966 CET	49676	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:52:41.672457933 CET	49675	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:52:41.764616966 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.764636993 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.764666080 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.764695883 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.765037060 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.765089035 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.765307903 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.768929958 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.769022942 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.769908905 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.770010948 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.770487070 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.774449110 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.775249958 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.775279999 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.775852919 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.896189928 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.896733046 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.896784067 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.896822929 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.897488117 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.897557974 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.897655964 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.897666931 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.897720098 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.900796890 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.900876999 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.901737928 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.901926994 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.902241945 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:41.906259060 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.906883001 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.907316923 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.907367945 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.907788038 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:41.922408104 CET	49674	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:52:42.028139114 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.028393030 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.028453112 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.029028893 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.029638052 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.029679060 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.029696941 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.029697895 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.029742002 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.029902935 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.030827045 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.032038927 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.032694101 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.033025026 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.033435106 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.036372900 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.037410975 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.038027048 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.038613081 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.038978100 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.158744097 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.160228014 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.160290956 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.160485029 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.160988092 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.160998106 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.161053896 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.161115885 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.161159039 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.161223888 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.163331032 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.163558960 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.164115906 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.164223909 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.167485952 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.170101881 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.170435905 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.170742989 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.289470911 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.292496920 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.296238899 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.296323061 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.296363115 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.296431065 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.296505928 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.296545982 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.297051907 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.297122002 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.298212051 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.299629927 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.299900055 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.300209999 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.300318956 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.305321932 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.305520058 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.305896044 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.419246912 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.422319889 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.426353931 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.427871943 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.427906990 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.427970886 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.428448915 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.428508043 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.428654909 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.428709030 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.429137945 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.431094885 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.431493044 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.432142973 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.457001925 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.516215086 CET	49677	443	192.168.2.9	20.189.173.11
Oct 29, 2024 18:52:42.579778910 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.579937935 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.579952002 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.580024958 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.580311060 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.580368042 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.580372095 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.580673933 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.580724955 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.583631039 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.583656073 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.584302902 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.584681988 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.585093975 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.589032888 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.589617014 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.590024948 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.590511084 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.710495949 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.710849047 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.710921049 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.711061001 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.711455107 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.711514950 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.711874962 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.712141037 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.712193012 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.715993881 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.716830969 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.717699051 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.718415022 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.718883038 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.721489906 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.722297907 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.723105907 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.724031925 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.724241018 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.842742920 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.845221996 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.846651077 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.846663952 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.846674919 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.846750975 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.846807003 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.846822023 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.846832991 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.846873999 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.850451946 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.851624966 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.851766109 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.852375984 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.853132010 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.856385946 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.857414961 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.858037949 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.858663082 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.973933935 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.976648092 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.977392912 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.979446888 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.981796026 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.981806993 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.981817007 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.981829882 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.981874943 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.981899977 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.983129978 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.984067917 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.984163046 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.985002995 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:42.986032963 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.990612984 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.990735054 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:42.992043972 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.104533911 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.107511997 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.107554913 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.107700109 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.109615088 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.111968994 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.112016916 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.112154961 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.112165928 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.112220049 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.114517927 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.114566088 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.114685059 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.114718914 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.115010023 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.116079092 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.117295980 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.121287107 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.121611118 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.123033047 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.235743046 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.236304045 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.236386061 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.239257097 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.239404917 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.242399931 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.242465973 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.242484093 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.242542028 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.244297028 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.244491100 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.244548082 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.244868040 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.244988918 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.244997978 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.246747017 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.247082949 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.250583887 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.252115011 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.252551079 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.366126060 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.366378069 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.366386890 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.366453886 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.369369984 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.369440079 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.372342110 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.373023987 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.373095036 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.373800039 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.374650002 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.374941111 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.375083923 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.375391006 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.376640081 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.380199909 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.380740881 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.382034063 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.603101969 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.603183031 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.603262901 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.603657007 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.604667902 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.604680061 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.604751110 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.607256889 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.607331991 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.608140945 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.608280897 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.608644962 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.613990068 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.614001036 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.616447926 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.616460085 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.616468906 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.719352007 CET	49673	443	192.168.2.9	204.79.197.203
Oct 29, 2024 18:52:43.736929893 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.736944914 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.736965895 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.737025023 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.737780094 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.737792015 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.737847090 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.737854004 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.737893105 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.738308907 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.744153023 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.745383024 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.745490074 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.746006012 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.746213913 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.752561092 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.753463984 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.753474951 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.753484011 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.754501104 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.873902082 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.874610901 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.874624014 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.874710083 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.875140905 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.875196934 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.875322104 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.876308918 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:43.876354933 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.984361887 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.986301899 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.988588095 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.990326881 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:43.991764069 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.281786919 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.338083982 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.338099003 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.338210106 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.338219881 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.338227034 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.338238001 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.470793009 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.470812082 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.470824003 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.470837116 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.470873117 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.470927000 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.477591038 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.478866100 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.480958939 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.481764078 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.483110905 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.483114004 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.486046076 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.486946106 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.487308979 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.488548994 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.605132103 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.607357025 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.608288050 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.608681917 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.608990908 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.609074116 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.610557079 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.617063046 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.620918989 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.621392965 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.622526884 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.623226881 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.624834061 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.626256943 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.627063990 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.629137993 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.630265951 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.745078087 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.747715950 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.747771025 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.748287916 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.749984026 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.750005007 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.750148058 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.750268936 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.751383066 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.755402088 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.755806923 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.813008070 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:44.876782894 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.876828909 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.876854897 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:44.876920938 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.585447073 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.590853930 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.670078993 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.673793077 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.675471067 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.676079988 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.679131985 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.681385994 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.694128990 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.699450970 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.716099024 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.720571041 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.767654896 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.802493095 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.802506924 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.802577019 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.802582026 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.803183079 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.803239107 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:45.824657917 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.847951889 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:45.848012924 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.317694902 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.319145918 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.321471930 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.322537899 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.323302031 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.323426962 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.324847937 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.327104092 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.327951908 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.329298019 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.464407921 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.464422941 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.464435101 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.464492083 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.464657068 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.464715004 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.473316908 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.475605011 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.476871967 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.477087021 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.477958918 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.478866100 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.480997086 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.482487917 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.482527971 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.483505964 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.601211071 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.603086948 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.603138924 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.604562998 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.604617119 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.604661942 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.604836941 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.605065107 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.605101109 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.653987885 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.659353971 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.678103924 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.683530092 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.728651047 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.734568119 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.747612953 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.753099918 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.780236959 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.801527023 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.805159092 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.805211067 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.847680092 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.856894970 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.856961966 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:48.896390915 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.928481102 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:48.928533077 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.068703890 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.074024916 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.103491068 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.103957891 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.107398987 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.108994961 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.109473944 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.112859011 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.120187044 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.125593901 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.195651054 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.195664883 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.195718050 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.215452909 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.220875025 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.230547905 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.230598927 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.230665922 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.230891943 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.235730886 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.235797882 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.235831976 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.247050047 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.247124910 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.342199087 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.551506996 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.716442108 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.720932007 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.721735954 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.724014044 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.725234032 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.726643085 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.729463100 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.771572113 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.849942923 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.849961042 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.849972010 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.850033045 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.850264072 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.850321054 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.850795984 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.853319883 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.853399992 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.853486061 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.854845047 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.855701923 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.856446028 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.858866930 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.858968973 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.860369921 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.861315012 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.864078045 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.980472088 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.980592012 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.980633974 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.980644941 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.980660915 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.980688095 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.981025934 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.982045889 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.982121944 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.982151985 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.983258963 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.983309984 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.983325958 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.983367920 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.983516932 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.984548092 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.985466003 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.985495090 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.985552073 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.985604048 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.985920906 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.986146927 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.988312006 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:49.989947081 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.990827084 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.991261005 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.991607904 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:49.993768930 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.111335039 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.113850117 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.113930941 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.114330053 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.115325928 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.115398884 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.115427017 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.115503073 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.115909100 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.116424084 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.116758108 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.116843939 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.117969036 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.118005991 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.119927883 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.120184898 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.122148991 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.123466969 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.125644922 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.242784023 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.243849993 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.243979931 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.245537996 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.245814085 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.245866060 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:50.245942116 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.246965885 CET	443	49706	13.107.246.45	192.168.2.9
Oct 29, 2024 18:52:50.247024059 CET	49706	443	192.168.2.9	13.107.246.45
Oct 29, 2024 18:52:51.365490913 CET	49676	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:52:51.365510941 CET	49675	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:52:51.455640078 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:51.455703974 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:51.456109047 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:51.457134962 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:51.457171917 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:51.457264900 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:51.457642078 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:51.457657099 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:51.457896948 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:51.457916021 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:51.568551064 CET	49674	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:52:52.116755009 CET	49677	443	192.168.2.9	20.189.173.11
Oct 29, 2024 18:52:52.777779102 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.778306007 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.778322935 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.779145002 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.779417992 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.779480934 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.779551029 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.779568911 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.780777931 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.780847073 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.781105042 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.783124924 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.783230066 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.784595013 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.784766912 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.823338032 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.835498095 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.835505009 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.835540056 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.835551977 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:52.886604071 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:52.886756897 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:53.250900984 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:53.250989914 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:53.251044035 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:53.280056953 CET	49713	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:52:53.280072927 CET	443	49713	8.218.107.249	192.168.2.9
Oct 29, 2024 18:52:53.393161058 CET	443	49705	23.206.229.209	192.168.2.9
Oct 29, 2024 18:52:53.393256903 CET	49705	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:52:53.525331020 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:53.525392056 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:53.525454044 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:53.526094913 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:53.526113033 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:54.152590990 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:52:54.152623892 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:52:54.152707100 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:52:54.153579950 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:52:54.153594971 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:52:54.857840061 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:54.870543957 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:54.870565891 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:54.871723890 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:54.871800900 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:54.876650095 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:54.876733065 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:54.884504080 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:54.884515047 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:54.929928064 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:55.028753996 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:52:55.049395084 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:52:55.049402952 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:52:55.053411961 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:52:55.053503036 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:52:55.085943937 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:52:55.086215019 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:52:55.129276991 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:52:55.129288912 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:52:55.172524929 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:55.172576904 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:55.172816992 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:55.175154924 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:55.175194979 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:55.176790953 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:52:55.308842897 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:55.308870077 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:55.308876991 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:55.308906078 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:55.308950901 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:55.308954000 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:55.309005976 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:55.309017897 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:55.309998989 CET	49716	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:55.310024023 CET	443	49716	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:55.765109062 CET	49719	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:55.765150070 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:55.765208006 CET	49719	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:55.765873909 CET	49719	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:55.765888929 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:56.023755074 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:56.023852110 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.029639006 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.029649019 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:56.030083895 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:56.081254005 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.278271914 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.319328070 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:56.522363901 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:56.522439957 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:56.522491932 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.541594028 CET	49718	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.541616917 CET	443	49718	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:56.848994017 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.849011898 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:56.849081993 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.849483013 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:56.849497080 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:57.101155996 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:57.101403952 CET	49719	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:57.101414919 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:57.101767063 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:57.102232933 CET	49719	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:57.102293968 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:57.102430105 CET	49719	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:57.143320084 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:57.480779886 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:57.480861902 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:57.480911016 CET	49719	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:57.481328964 CET	49719	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:52:57.481343031 CET	443	49719	8.210.226.45	192.168.2.9
Oct 29, 2024 18:52:57.706063986 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:57.706150055 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:57.743046045 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:57.743062019 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:57.743998051 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:57.759022951 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:57.799323082 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:58.001741886 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:58.001895905 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:58.001955032 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:58.008109093 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:58.008127928 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:52:58.008141041 CET	49722	443	192.168.2.9	184.28.90.27
Oct 29, 2024 18:52:58.008147001 CET	443	49722	184.28.90.27	192.168.2.9
Oct 29, 2024 18:53:04.420512915 CET	49705	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:53:04.420985937 CET	49705	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:53:04.425966024 CET	49725	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:53:04.426017046 CET	443	49725	23.206.229.209	192.168.2.9
Oct 29, 2024 18:53:04.426095009 CET	49725	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:53:04.426141977 CET	443	49705	23.206.229.209	192.168.2.9
Oct 29, 2024 18:53:04.426328897 CET	443	49705	23.206.229.209	192.168.2.9
Oct 29, 2024 18:53:04.471661091 CET	49725	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:53:04.471699953 CET	443	49725	23.206.229.209	192.168.2.9
Oct 29, 2024 18:53:05.002232075 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:05.002384901 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:05.002515078 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:53:05.135158062 CET	443	49725	23.206.229.209	192.168.2.9
Oct 29, 2024 18:53:05.135251999 CET	49725	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:53:05.896188974 CET	49717	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:53:05.896231890 CET	443	49717	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:11.915210009 CET	49726	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:11.915246010 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:11.915343046 CET	49726	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:11.916516066 CET	49726	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:11.916534901 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:13.457285881 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:13.457654953 CET	49726	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:13.457683086 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:13.458039999 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:13.458560944 CET	49726	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:13.458630085 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:13.458771944 CET	49726	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:13.503334045 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:14.630750895 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:14.630871058 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:14.630939960 CET	49726	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:14.631891966 CET	49726	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:14.631906986 CET	443	49726	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:15.053117990 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:15.053200960 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:15.053304911 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:15.053764105 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:15.053802967 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:16.328058958 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:16.337743044 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:16.337776899 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:16.340607882 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:16.340673923 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:16.341137886 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:16.341226101 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:16.341412067 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:16.341418982 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:16.392935991 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:16.721746922 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:16.721831083 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:16.722073078 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:16.722390890 CET	49727	443	192.168.2.9	8.210.226.45
Oct 29, 2024 18:53:16.722414970 CET	443	49727	8.210.226.45	192.168.2.9
Oct 29, 2024 18:53:24.291217089 CET	443	49725	23.206.229.209	192.168.2.9
Oct 29, 2024 18:53:24.291465044 CET	49725	443	192.168.2.9	23.206.229.209
Oct 29, 2024 18:53:32.895163059 CET	49704	80	192.168.2.9	199.232.210.172
Oct 29, 2024 18:53:32.901305914 CET	80	49704	199.232.210.172	192.168.2.9
Oct 29, 2024 18:53:32.901372910 CET	49704	80	192.168.2.9	199.232.210.172
Oct 29, 2024 18:53:37.846194983 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:53:37.846210957 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:53:52.322935104 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:53:52.323041916 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:53:52.323184967 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:53:53.897228956 CET	49712	443	192.168.2.9	8.218.107.249
Oct 29, 2024 18:53:53.897245884 CET	443	49712	8.218.107.249	192.168.2.9
Oct 29, 2024 18:53:54.191818953 CET	49730	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:53:54.191889048 CET	443	49730	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:54.191971064 CET	49730	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:53:54.192184925 CET	49730	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:53:54.192203045 CET	443	49730	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:55.083841085 CET	443	49730	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:55.084223986 CET	49730	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:53:55.084258080 CET	443	49730	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:55.084589958 CET	443	49730	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:55.084908962 CET	49730	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:53:55.084981918 CET	443	49730	142.250.185.100	192.168.2.9
Oct 29, 2024 18:53:55.127795935 CET	49730	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:54:05.158437014 CET	443	49730	142.250.185.100	192.168.2.9
Oct 29, 2024 18:54:05.158507109 CET	443	49730	142.250.185.100	192.168.2.9
Oct 29, 2024 18:54:05.158696890 CET	49730	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:54:05.897218943 CET	49730	443	192.168.2.9	142.250.185.100
Oct 29, 2024 18:54:05.897247076 CET	443	49730	142.250.185.100	192.168.2.9

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 18:52:49.457191944 CET	53	64885	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:49.468103886 CET	53	55631	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:51.140592098 CET	53	54803	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:51.243959904 CET	49671	53	192.168.2.9	1.1.1.1
Oct 29, 2024 18:52:51.244874001 CET	60986	53	192.168.2.9	1.1.1.1
Oct 29, 2024 18:52:51.416953087 CET	53	49671	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:51.451220989 CET	53	60986	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:53.282913923 CET	54225	53	192.168.2.9	1.1.1.1
Oct 29, 2024 18:52:53.283451080 CET	57477	53	192.168.2.9	1.1.1.1
Oct 29, 2024 18:52:53.485785007 CET	53	57477	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:53.519824028 CET	53	54225	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:54.141199112 CET	50298	53	192.168.2.9	1.1.1.1
Oct 29, 2024 18:52:54.142877102 CET	58853	53	192.168.2.9	1.1.1.1
Oct 29, 2024 18:52:54.149734974 CET	53	50298	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:54.150722980 CET	53	58853	1.1.1.1	192.168.2.9
Oct 29, 2024 18:52:55.772952080 CET	53	63587	1.1.1.1	192.168.2.9
Oct 29, 2024 18:53:08.137057066 CET	53	55076	1.1.1.1	192.168.2.9
Oct 29, 2024 18:53:14.665854931 CET	62563	53	192.168.2.9	1.1.1.1
Oct 29, 2024 18:53:14.666383028 CET	55461	53	192.168.2.9	1.1.1.1
Oct 29, 2024 18:53:15.025290966 CET	53	55461	1.1.1.1	192.168.2.9
Oct 29, 2024 18:53:15.025499105 CET	53	62563	1.1.1.1	192.168.2.9
Oct 29, 2024 18:53:27.075784922 CET	53	64483	1.1.1.1	192.168.2.9
Oct 29, 2024 18:53:32.609257936 CET	138	138	192.168.2.9	192.168.2.255
Oct 29, 2024 18:53:49.297517061 CET	53	63877	1.1.1.1	192.168.2.9
Oct 29, 2024 18:53:49.559173107 CET	53	54539	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 29, 2024 18:52:51.243959904 CET	192.168.2.9	1.1.1.1	0x2c4b	Standard query (0)	lx-cancer-star-mail.qiye.163.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:52:51.244874001 CET	192.168.2.9	1.1.1.1	0x7aa7	Standard query (0)	lx-cancer-star-mail.qiye.163.com	65	IN (0x0001)	false
Oct 29, 2024 18:52:53.282913923 CET	192.168.2.9	1.1.1.1	0xcedd	Standard query (0)	lx-virgo-star-mail.qiye.163.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:52:53.283451080 CET	192.168.2.9	1.1.1.1	0xd7b4	Standard query (0)	lx-virgo-star-mail.qiye.163.com	65	IN (0x0001)	false
Oct 29, 2024 18:52:54.141199112 CET	192.168.2.9	1.1.1.1	0x819b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:52:54.142877102 CET	192.168.2.9	1.1.1.1	0x3db9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 29, 2024 18:53:14.665854931 CET	192.168.2.9	1.1.1.1	0xd71c	Standard query (0)	lx-virgo-star-mail.qiye.163.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:53:14.666383028 CET	192.168.2.9	1.1.1.1	0x9f5	Standard query (0)	lx-virgo-star-mail.qiye.163.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 29, 2024 18:52:51.416953087 CET	1.1.1.1	192.168.2.9	0x2c4b	No error (0)	lx-cancer-star-mail.qiye.163.com		8.218.107.249	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:52:53.519824028 CET	1.1.1.1	192.168.2.9	0xcedd	No error (0)	lx-virgo-star-mail.qiye.163.com		8.210.226.45	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:52:54.149734974 CET	1.1.1.1	192.168.2.9	0x819b	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:52:54.150722980 CET	1.1.1.1	192.168.2.9	0x3db9	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 29, 2024 18:53:02.594027996 CET	1.1.1.1	192.168.2.9	0x2dd4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:53:02.594027996 CET	1.1.1.1	192.168.2.9	0x2dd4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:53:15.025499105 CET	1.1.1.1	192.168.2.9	0xd71c	No error (0)	lx-virgo-star-mail.qiye.163.com		8.210.226.45	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:53:16.576567888 CET	1.1.1.1	192.168.2.9	0xc0c6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:53:16.576567888 CET	1.1.1.1	192.168.2.9	0xc0c6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

lx-cancer-star-mail.qiye.163.com

lx-virgo-star-mail.qiye.163.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49713	8.218.107.249	443	2800	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:52:52 UTC	1005	OUT	GET /api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com HTTP/1.1 Host: lx-cancer-star-mail.qiye.163.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:52:53 UTC	1044	IN	HTTP/1.1 302 Found Server: nginx/1.20.1 Date: Tue, 29 Oct 2024 17:52:53 GMT Content-Length: 0 Connection: close x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: 0 location: https://lx-virgo-star-mail.qiye.163.com/unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.com content-language: en-US x-envoy-upstream-service-time: 2 lingxi-traceid: 16479eebe4730e36555c825f4f1cbff0_n^750873600000^0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49716	8.210.226.45	443	2800	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:52:54 UTC	1262	OUT	GET /unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.com HTTP/1.1 Host: lx-virgo-star-mail.qiye.163.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:52:55 UTC	472	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Tue, 29 Oct 2024 17:52:55 GMT Content-Type: text/html Content-Length: 8415 Connection: close last-modified: Tue, 29 Oct 2024 10:07:14 GMT accept-ranges: bytes x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: 0 x-envoy-upstream-service-time: 5 lingxi-traceid: 6be89a58792543b78fefbe97^1697545956650^1639246586
2024-10-29 17:52:55 UTC	8415	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 61 73 65 20 46 6f 72 65 69 67 6e 20 54 72 61 64 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <!DOCTYPE html><html><head> <meta charset="UTF-8"> <title>Ease Foreign Trade</title> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> <style> html, body { margin: 0;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49718	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:52:56 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-29 17:52:56 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=68512 Date: Tue, 29 Oct 2024 17:52:56 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49719	8.210.226.45	443	2800	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:52:57 UTC	1206	OUT	GET /favicon.ico HTTP/1.1 Host: lx-virgo-star-mail.qiye.163.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://lx-virgo-star-mail.qiye.163.com/unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:52:57 UTC	123	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 29 Oct 2024 17:52:57 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:52:57 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-29 17:52:57 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=68565 Date: Tue, 29 Oct 2024 17:52:57 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-29 17:52:57 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49726	8.210.226.45	443	2800	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:53:13 UTC	1334	OUT	GET /api/pub/edm/unsubscribe?sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA HTTP/1.1 Host: lx-virgo-star-mail.qiye.163.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://lx-virgo-star-mail.qiye.163.com/unsubscribe_en.html?host=lx-virgo-star-mail.qiye.163.com&sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA&from=felix@mexxwin.com&origin=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix%40mexxwin.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:53:14 UTC	433	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Tue, 29 Oct 2024 17:53:14 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: close x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: 0 x-envoy-upstream-service-time: 798 lingxi-traceid: 25f09107910a47cab1862f0c^1697542394212^1597675875
2024-10-29 17:53:14 UTC	63	IN	Data Raw: 33 34 0d 0a 7b 22 64 61 74 61 22 3a 6e 75 6c 6c 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 6d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 2c 22 63 6f 64 65 22 3a 30 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 34{"data":null,"success":true,"message":null,"code":0}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49727	8.210.226.45	443	2800	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:53:16 UTC	558	OUT	GET /api/pub/edm/unsubscribe?sign=V2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA HTTP/1.1 Host: lx-virgo-star-mail.qiye.163.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:53:16 UTC	430	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Tue, 29 Oct 2024 17:53:16 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: close x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache expires: 0 x-envoy-upstream-service-time: 2 lingxi-traceid: 59be64347f8b454fb6a21730^1697545525241^227134600
2024-10-29 17:53:16 UTC	77	IN	Data Raw: 34 32 0d 0a 7b 22 64 61 74 61 22 3a 22 e6 93 8d e4 bd 9c e8 bf 87 e4 ba 8e e9 a2 91 e7 b9 81 22 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 6d 65 73 73 61 67 65 22 3a 22 22 2c 22 63 6f 64 65 22 3a 30 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 42{"data":"","success":true,"message":"","code":0}0

Target ID:	0
Start time:	13:52:45
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	13:52:48
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1912,i,17293050707104362883,3219657520128468775,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	13:52:50
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lx-cancer-star-mail.qiye.163.com/api/j/re?c=https%3A%2F%2Flx-virgo-star-mail.qiye.163.com%2Funsubscribe_en.html%3Fhost%3Dlx-virgo-star-mail.qiye.163.com%26sign%3DV2.ajzqPKmIuPSUtjI49cnckmTYmpRUMxctJi1hQWQQ4r48hQ4SYIdCZ53u_UJD9Kwudt4_TGR-q8QGlNW2lifYow30Lmqfrm9BtpqSiq7XoI_i4CfXEdDCXLiubh9D0QGWClQ_SIVh_Vc9mJbQ0YXk8sjzfFvPZxfrLiol5Ij2fJA%26from%3Dfelix@mexxwin.com"
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 59

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6088, Parent PID: 5324

General

Chronological Activities

Analysis Process: chrome.exePID: 2800, Parent PID: 6088

General

Chronological Activities

Analysis Process: chrome.exePID: 6672, Parent PID: 5324

General