Edit tour

Windows Analysis Report
https://donate.donaldjtrump.com/lets-keep-fighting

Overview

General Information

Sample URL:	https://donate.donaldjtrump.com/lets-keep-fighting
Analysis ID:	1538306
Tags:	urlscan
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1920,i,3885684567850903955,934621954762953863,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://donate.donaldjtrump.com/lets-keep-fighting" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /lets-keep-fighting HTTP/1.1Host: donate.donaldjtrump.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lets-keep-fighting HTTP/1.1Host: donate.donaldjtrump.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lets-keep-fighting HTTP/1.1Host: donate.donaldjtrump.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /lets-keep-fighting HTTP/1.1Host: donate.donaldjtrump.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: donate.donaldjtrump.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@19/6@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1920,i,3885684567850903955,934621954762953863,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://donate.donaldjtrump.com/lets-keep-fighting"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1920,i,3885684567850903955,934621954762953863,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
domains.anedot.com	104.18.237.197	true	false	unknown
www.google.com	142.250.185.196	true	false	unknown
donate.donaldjtrump.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://donate.donaldjtrump.com/lets-keep-fighting	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.237.197	domains.anedot.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538306
Start date and time:	2024-10-21 00:12:46 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://donate.donaldjtrump.com/lets-keep-fighting
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@19/6@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.167.84, 142.250.185.206, 142.250.184.195, 34.104.35.123, 172.202.163.200, 2.19.126.137, 2.19.126.163
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, clients2.google.com, edgedl.me.gvt1.com, sls.update.microsoft.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://donate.donaldjtrump.com/lets-keep-fighting

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:13:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9839197948566034
Encrypted:	false
SSDEEP:	48:8GC0d8TAclHIidAKZdA1oehwiZUklqehZy+3:8LjHROy
MD5:	AC5C95CFAD01272467E8B1CE4DBA26E1
SHA1:	7F07E7C22C2554E437163A631719812BB7A17360
SHA-256:	9C5D141A643F71422CE3C0D3732EE43A895E8658DE4CDA8E0E4E6EC4A965E68F
SHA-512:	0C743749AEC2BFF54C5149552F417E5DF1E646C9F604A1A87E7446E55C0305A1BA5A349906136D272EE49EE97BE20D2D79DA503ADF040E5BB86B2372B5EBA702
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....R.U=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ITY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............p%\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:13:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.996604644480196
Encrypted:	false
SSDEEP:	48:8JC0d8TAclHIidAKZdA1leh/iZUkAQkqeh+y+2:8UjHD9Q3y
MD5:	B1880C029473022E7F1E27AEAE201150
SHA1:	B636D3EDE514ABD161892D76F297FEB67079DCDF
SHA-256:	BA9A0EDB6EC65EBC79780A144E6D885152CC404CB751979293A01BDDE4D883B4
SHA-512:	154F1F4DC21AC0B16854BFEB4A1E87AEAEEA6AEFEE39E9CBC03756495CD9A83766944A6CB82157495890E4FDC105C12BD24F69544C92661B67B461EDCD58626B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......nU=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ITY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............p%\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.009083696898837
Encrypted:	false
SSDEEP:	48:8h0d8TAcbHIidAKZdA14t5eh7sFiZUkmgqeh7ssy+BX:8hjHpnSy
MD5:	A17960302F7D6D1E33DD4BE426F9438B
SHA1:	04380C43ABC6F7517D59A5371F758F7719D1B516
SHA-256:	439649F4D707F0C113722F7025CDE66F0F7D27F1C7EC3C4256CC88A65F0A53BD
SHA-512:	F1F074C6C77A025CF253112675BE513954F3235D5AB603DD554192634A224D313063B8CE7828CF69DCF0B773A665C0A346F73AC33A19EC394FD9B078CA983C9F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ITY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............p%\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:13:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.995837947222426
Encrypted:	false
SSDEEP:	48:8iC0d8TAclHIidAKZdA16ehDiZUkwqehKy+R:8HjHwEy
MD5:	28DE92A2057037C146FAA81B8585EFD4
SHA1:	5563F466E392D3C971203ECE666DFB21EEE7D767
SHA-256:	724C909BE439ED7492105AFA89E7744D63CBDE8B821602293365C985EFEE4833
SHA-512:	B60C0CBB8EB0898B69B49897BD01B7EB3B9930C762811739D6DCCF7F44B62CBDB67196E686239963D6DC0E683C8607BB31B1DC959446582FDA273B662E541F6A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......gU=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ITY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............p%\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:13:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.985994105521226
Encrypted:	false
SSDEEP:	48:82C0d8TAclHIidAKZdA1UehBiZUk1W1qehgy+C:87jHw9Ay
MD5:	4D93A942D348A4E5EA91CF7FDCD9EBD8
SHA1:	7C8E4B7B50B3DEE348C71F2D679F853967773528
SHA-256:	0250F2FD94C8109BDF8F7CAFC660AF88FFDE8BE3E682882B9755E47909ECD4D9
SHA-512:	582EB36649F51DF675ED68423D644B15CADDC3A384FEDBB36A32BB8939141CEA252F44A6D619E723F4314CEFFD8978509408F407B697BB8303EF4922068A4C4F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....#yU=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ITY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............p%\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:13:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9972599699031357
Encrypted:	false
SSDEEP:	48:8jC0d8TAclHIidAKZdA1duTrehOuTbbiZUk5OjqehOuTbSy+yT+:8+jHdTYTbxWOvTbSy7T
MD5:	819CE4453BE3270AD61DD169B758D77F
SHA1:	616340B36841E2D4A7DF32EF0D974650BE9AFCAF
SHA-256:	917A502B2391EBF30E8C1A4BAA0810FF0E75F6A823FBCAAF1B337B4E3BEFAB25
SHA-512:	ECABD9826884E6F23BEF4C3B164D2C05FE2B3FE8F00A9327A111F021CF8C96187E2B88AF5D03E2220FC16AB56C2F6DA43A089BAB527590E1E65E88FCEECC8A25
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......]U=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.ITY......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............p%\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 00:13:36.179269075 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.179338932 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.179510117 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.180754900 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.181128025 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.181194067 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.181917906 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.183464050 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.183914900 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.184325933 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.184945107 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.185229063 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.188846111 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.188981056 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.189616919 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.190063953 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.190068007 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.342036009 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.342168093 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.342341900 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.342365026 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.342412949 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.342789888 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.342844963 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.343769073 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.343844891 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.345741987 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.346290112 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.346718073 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.347313881 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.347410917 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.350636959 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.351113081 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.351689100 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.352372885 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.352391005 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.505465031 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.505642891 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.505738974 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.507210970 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.507411957 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.507468939 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.508275032 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.508339882 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.508390903 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.508521080 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.509504080 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.510154963 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.510478020 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.511507034 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.511805058 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.514434099 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.515019894 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.515228987 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.516357899 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.516642094 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.630669117 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 21, 2024 00:13:36.687694073 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.687923908 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.688002110 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.691160917 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.696104050 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.707262039 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.707525015 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.707631111 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.710164070 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.710264921 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.715390921 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.716322899 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.716512918 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.716608047 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.717251062 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.718722105 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.718969107 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.723848104 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.847738028 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.851990938 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.871913910 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.872217894 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.872231007 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.872284889 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.875179052 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.875300884 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.876771927 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.876873970 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.878880978 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.879127979 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.880387068 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:36.881273985 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:36.886123896 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.020025015 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.024136066 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.037201881 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.037424088 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.037488937 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.039153099 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.039942980 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.041004896 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.041263103 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.041332960 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.043169022 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.045838118 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.048327923 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.050303936 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.097336054 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.182718992 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.185863972 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.191049099 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.196302891 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.197423935 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.197503090 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.199498892 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.199641943 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.204595089 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.208012104 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.210191965 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.210833073 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.210905075 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.212872028 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.218395948 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.342734098 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.347106934 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.358522892 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.358735085 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.358792067 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.358858109 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.361196995 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.361459970 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.366637945 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.366699934 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.369026899 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.369857073 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.372248888 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.377278090 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.541306973 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.541435957 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.541498899 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.541954994 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.542201996 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.542249918 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.542455912 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.544619083 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.544689894 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.545274019 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.545473099 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.546215057 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.546772957 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.547483921 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.550318003 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.551683903 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.593456984 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.702950001 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.703097105 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.703171968 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.703576088 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.703713894 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.703756094 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.705143929 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.705790043 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.705940008 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.707178116 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.707415104 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.708326101 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.709119081 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.709428072 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.712054968 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.712446928 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.713145971 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.713992119 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.714209080 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.911950111 CEST	49671	443	192.168.2.8	204.79.197.203
Oct 21, 2024 00:13:37.954909086 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.955061913 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.955144882 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.955452919 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.955703020 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.955761909 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.955869913 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.956188917 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.956237078 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.959148884 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.959517956 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.959671974 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.960274935 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.960628986 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:37.965759993 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.965894938 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.966242075 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.966831923 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:37.966860056 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.118609905 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.118895054 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.118930101 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.118995905 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.119581938 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.119649887 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.119853020 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.120496988 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.120558023 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.122659922 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.122834921 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.123769045 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.124053955 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.124181032 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.129035950 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.129239082 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.130145073 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.130695105 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.130723953 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.224417925 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 21, 2024 00:13:38.286803007 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.287003994 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.287111998 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.288767099 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.288978100 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.289040089 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.290293932 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.292440891 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.292534113 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.292809010 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.293277025 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.297620058 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.298976898 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.299432039 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.865633011 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.865829945 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.865897894 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.865953922 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.867564917 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.867646933 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.870176077 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.870218039 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.870383978 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.872580051 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.874464989 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.874644995 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.874701023 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.876606941 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.876671076 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.877243042 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.877495050 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:38.879081964 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.883291960 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:38.883805990 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.031342983 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.031565905 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.031622887 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.031641960 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.035345078 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.036089897 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.036659956 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.036720991 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.038461924 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.038525105 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.038801908 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.038816929 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.038872004 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.038955927 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.041378021 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.041536093 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.041660070 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.042208910 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.045017958 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.047875881 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.047890902 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.194497108 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.194514036 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.194562912 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.197554111 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.199907064 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.200918913 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.200990915 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.202099085 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.202337980 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.202393055 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.202558994 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.202609062 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.202785969 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.203294992 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.204060078 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.204487085 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.204839945 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.209059954 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.209167004 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.210798025 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.211239100 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.355765104 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.358444929 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.360260010 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.360320091 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.360457897 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.360501051 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.360560894 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.362415075 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.362474918 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.362802982 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.362849951 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.362946033 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.362986088 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.365446091 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.367432117 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.367906094 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.368201017 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.368514061 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.375231028 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.375953913 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.376720905 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.518862963 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.519002914 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.519016027 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.519062042 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.526757002 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.529576063 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.529633999 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.529798031 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.529839993 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.530517101 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.530565977 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.530714989 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.530755997 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.530947924 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.530987024 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.531831980 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.531878948 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.532058954 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.533683062 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.536606073 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.543530941 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.583713055 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 21, 2024 00:13:39.597991943 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.599143028 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.600339890 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.605072975 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.606132984 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.607219934 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.686595917 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.696718931 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.699310064 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.727262974 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.727344036 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.734117031 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.757432938 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.757961035 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.758028030 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.758469105 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.763936996 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.764833927 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.771238089 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.889441013 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.889549971 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.889636040 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:39.896239042 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 21, 2024 00:13:39.923324108 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.923784018 CEST	443	49703	13.107.246.45	192.168.2.8
Oct 21, 2024 00:13:39.923881054 CEST	49703	443	192.168.2.8	13.107.246.45
Oct 21, 2024 00:13:46.372201920 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 21, 2024 00:13:47.026377916 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.026429892 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.026503086 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.026866913 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.026916981 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.026962042 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.028037071 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.028053045 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.028389931 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.028402090 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.784611940 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.786351919 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.788433075 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.788469076 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.788537025 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.788548946 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.789447069 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.789488077 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.789501905 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.789563894 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.797278881 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.797395945 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.797559023 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.797661066 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.798095942 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.798103094 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.841093063 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.841128111 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:47.841140032 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:47.889672995 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:48.125101089 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:48.125165939 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:48.125262976 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:48.130058050 CEST	49710	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:48.130076885 CEST	443	49710	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:48.856544971 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 21, 2024 00:13:49.162919998 CEST	49714	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.162961960 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.163335085 CEST	49714	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.163845062 CEST	49714	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.163853884 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.169364929 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.190363884 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 21, 2024 00:13:49.211410999 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.460056067 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.460119009 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.460194111 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.461209059 CEST	49711	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.461232901 CEST	443	49711	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.498542070 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 21, 2024 00:13:49.868777990 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:13:49.868833065 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:13:49.868884087 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:13:49.869085073 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:13:49.869102955 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:13:49.929194927 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.929857969 CEST	49714	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.929879904 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.930186987 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.930748940 CEST	49714	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.930799961 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:49.931077957 CEST	49714	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:49.975394964 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:50.217833042 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:50.217861891 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:50.217941999 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:50.219952106 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:50.219959974 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:50.270204067 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:50.270263910 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:50.270302057 CEST	49714	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:50.275357008 CEST	49714	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:50.275372982 CEST	443	49714	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:50.946482897 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:13:50.946738005 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:13:50.946782112 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:13:50.948045969 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:13:50.948112011 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:13:50.949981928 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:13:50.950067043 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:13:50.997299910 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:13:50.997317076 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:13:51.044162035 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:13:51.283780098 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.283853054 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.286452055 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.286463976 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.286818981 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.326009035 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.371398926 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.373367071 CEST	443	49704	23.206.229.226	192.168.2.8
Oct 21, 2024 00:13:51.373517036 CEST	49704	443	192.168.2.8	23.206.229.226
Oct 21, 2024 00:13:51.627238989 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.627465963 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.627569914 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.627639055 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.627650976 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.627670050 CEST	49716	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.627676010 CEST	443	49716	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.658926964 CEST	49717	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.658973932 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:51.659087896 CEST	49717	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.659380913 CEST	49717	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:51.659399033 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:52.711030006 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:52.711096048 CEST	49717	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:52.712451935 CEST	49717	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:52.712460995 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:52.712701082 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:52.713767052 CEST	49717	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:52.755419970 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:53.014409065 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:53.014468908 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:53.014553070 CEST	49717	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:53.014708042 CEST	49717	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:53.014718056 CEST	443	49717	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:53.064145088 CEST	49718	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:53.064193964 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:53.064274073 CEST	49718	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:53.064554930 CEST	49718	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:53.064567089 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:54.109745026 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:54.109838009 CEST	49718	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:54.111552000 CEST	49718	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:54.111579895 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:54.111993074 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:54.114950895 CEST	49718	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:54.155420065 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:54.417650938 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:54.417723894 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:54.417799950 CEST	49718	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:54.434910059 CEST	49718	443	192.168.2.8	184.28.90.27
Oct 21, 2024 00:13:54.434946060 CEST	443	49718	184.28.90.27	192.168.2.8
Oct 21, 2024 00:13:55.579596996 CEST	49719	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:55.579644918 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:55.579905033 CEST	49719	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:55.580235004 CEST	49719	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:55.580250025 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:55.598140955 CEST	49720	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:55.598179102 CEST	443	49720	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:55.598265886 CEST	49720	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:55.599069118 CEST	49720	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:55.599077940 CEST	443	49720	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.346720934 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.347160101 CEST	49719	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:56.347184896 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.347511053 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.348526955 CEST	49719	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:56.348597050 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.348898888 CEST	49719	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:56.356843948 CEST	443	49720	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.357203960 CEST	49720	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:56.357214928 CEST	443	49720	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.357542038 CEST	443	49720	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.358557940 CEST	49720	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:56.358628035 CEST	443	49720	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.391412020 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.405498981 CEST	49720	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:56.641006947 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.641077995 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:13:56.641151905 CEST	49719	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:56.759038925 CEST	49719	443	192.168.2.8	104.18.237.197
Oct 21, 2024 00:13:56.759076118 CEST	443	49719	104.18.237.197	192.168.2.8
Oct 21, 2024 00:14:00.945970058 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:14:00.946042061 CEST	443	49715	142.250.185.196	192.168.2.8
Oct 21, 2024 00:14:00.946147919 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:14:01.813385963 CEST	49715	443	192.168.2.8	142.250.185.196
Oct 21, 2024 00:14:01.813416958 CEST	443	49715	142.250.185.196	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 00:13:45.628051043 CEST	53	55849	1.1.1.1	192.168.2.8
Oct 21, 2024 00:13:45.628197908 CEST	53	50022	1.1.1.1	192.168.2.8
Oct 21, 2024 00:13:46.987685919 CEST	59671	53	192.168.2.8	1.1.1.1
Oct 21, 2024 00:13:46.988128901 CEST	59180	53	192.168.2.8	1.1.1.1
Oct 21, 2024 00:13:47.000648022 CEST	53	59671	1.1.1.1	192.168.2.8
Oct 21, 2024 00:13:47.001210928 CEST	53	59180	1.1.1.1	192.168.2.8
Oct 21, 2024 00:13:47.449950933 CEST	53	50841	1.1.1.1	192.168.2.8
Oct 21, 2024 00:13:49.849590063 CEST	55757	53	192.168.2.8	1.1.1.1
Oct 21, 2024 00:13:49.852643967 CEST	64684	53	192.168.2.8	1.1.1.1
Oct 21, 2024 00:13:49.858704090 CEST	53	55757	1.1.1.1	192.168.2.8
Oct 21, 2024 00:13:49.862212896 CEST	53	64684	1.1.1.1	192.168.2.8
Oct 21, 2024 00:14:04.413717031 CEST	53	60973	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 21, 2024 00:13:46.987685919 CEST	192.168.2.8	1.1.1.1	0x5639	Standard query (0)	donate.donaldjtrump.com	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:13:46.988128901 CEST	192.168.2.8	1.1.1.1	0xd4c	Standard query (0)	donate.donaldjtrump.com	65	IN (0x0001)	false
Oct 21, 2024 00:13:49.849590063 CEST	192.168.2.8	1.1.1.1	0x758e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:13:49.852643967 CEST	192.168.2.8	1.1.1.1	0xa167	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 21, 2024 00:13:47.000648022 CEST	1.1.1.1	192.168.2.8	0x5639	No error (0)	donate.donaldjtrump.com	domains.anedot.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 21, 2024 00:13:47.000648022 CEST	1.1.1.1	192.168.2.8	0x5639	No error (0)	domains.anedot.com		104.18.237.197	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:13:47.000648022 CEST	1.1.1.1	192.168.2.8	0x5639	No error (0)	domains.anedot.com		104.18.238.197	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:13:47.000648022 CEST	1.1.1.1	192.168.2.8	0x5639	No error (0)	domains.anedot.com		104.18.239.197	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:13:47.000648022 CEST	1.1.1.1	192.168.2.8	0x5639	No error (0)	domains.anedot.com		104.18.240.197	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:13:47.000648022 CEST	1.1.1.1	192.168.2.8	0x5639	No error (0)	domains.anedot.com		104.18.241.197	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:13:47.001210928 CEST	1.1.1.1	192.168.2.8	0xd4c	No error (0)	donate.donaldjtrump.com	domains.anedot.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 21, 2024 00:13:47.001210928 CEST	1.1.1.1	192.168.2.8	0xd4c	No error (0)	domains.anedot.com			65	IN (0x0001)	false
Oct 21, 2024 00:13:49.858704090 CEST	1.1.1.1	192.168.2.8	0x758e	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:13:49.862212896 CEST	1.1.1.1	192.168.2.8	0xa167	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

donate.donaldjtrump.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49710	104.18.237.197	443	6896	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:13:47 UTC	684	OUT	GET /lets-keep-fighting HTTP/1.1 Host: donate.donaldjtrump.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49711	104.18.237.197	443	6896	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:13:49 UTC	710	OUT	GET /lets-keep-fighting HTTP/1.1 Host: donate.donaldjtrump.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49714	104.18.237.197	443	6896	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:13:49 UTC	710	OUT	GET /lets-keep-fighting HTTP/1.1 Host: donate.donaldjtrump.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:13:51 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-20 22:13:51 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=66665 Date: Sun, 20 Oct 2024 22:13:51 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49717	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:13:52 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49718	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:13:54 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-20 22:13:54 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=66709 Date: Sun, 20 Oct 2024 22:13:54 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-20 22:13:54 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49719	104.18.237.197	443	6896	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:13:56 UTC	710	OUT	GET /lets-keep-fighting HTTP/1.1 Host: donate.donaldjtrump.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2532, Parent PID: 1300

General

Target ID:	0
Start time:	18:13:40
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6896, Parent PID: 2532

General

Target ID:	2
Start time:	18:13:44
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1920,i,3885684567850903955,934621954762953863,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3780, Parent PID: 1300

General

Target ID:	3
Start time:	18:13:46
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://donate.donaldjtrump.com/lets-keep-fighting"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://donate.donaldjtrump.com/lets-keep-fighting

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2532, Parent PID: 1300

General

Chronological Activities

Analysis Process: chrome.exePID: 6896, Parent PID: 2532

General

Chronological Activities

Analysis Process: chrome.exePID: 3780, Parent PID: 1300

General

Chronological Activities

Windows Analysis Report
https://donate.donaldjtrump.com/lets-keep-fighting