Windows Analysis Report
1513570779.svg

Overview

General Information

Sample name:1513570779.svg
Analysis ID:1647621
MD5:06afa7ff339723165feb610c1a530c46
SHA1:ea1706a8cf0f257ad55dd29bde7b0fb5c89bb14f
SHA256:f2c28cb84714032ebf92bafe4e8341a9f3d1d8aedca7f8831617692e4d1771b5
Infos:

Detection

HTMLPhisher
Score:64
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish80
AI detected suspicious Javascript
Yara detected JavaScript embedded in SVG
Creates files inside the system directory
Deletes files inside the Windows folder
HTTP GET or POST without a user agent
IP address seen in connection with other malware

Classification

  • System is w11x64_office
  • chrome.exe (PID: 7304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
    • chrome.exe (PID: 7500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • chrome.exe (PID: 7180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\1513570779.svg" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
1513570779.svg | JoeSecurity_JavaScriptembeddedinSVG | Yara detected JavaScript embedded in SVG | Joe Security |
1513570779.svg | JoeSecurity_HtmlPhish_80 | Yara detected HtmlPhish_80 | Joe Security |
      No Sigma rule has matched
      No Suricata rule has matched

      AV Detection

      Source: https://cxxziu8prd.moydow.de/favicon.ico, Avira URL Cloud: Label: malware

      Phishing

      Source: Yara match, File source: 1513570779.svg, type: SAMPLE
      Source: 0.1..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: data:application/ecmascript;base64,dHJ5IHsKICAgIGZ... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The `duruwo` function appears to be decoding a heavily encoded string, which could be used to redirect the user to a malicious website or execute arbitrary code. Additionally, the script attempts to modify the DOM by setting the `href` and `style.display` properties of an element, which could be part of a phishing or malware attack. Overall, this script demonstrates a high level of suspicious activity and should be treated with caution.
      Source: https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.auHTTP Parser: No favicon
      Source: unknownHTTPS traffic detected: 142.250.176.196:443 -> 192.168.2.24:60838 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.13.170:443 -> 192.168.2.24:60844 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.24:60845 version: TLS 1.2
      Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742871123063&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache
      Source: Joe Sandbox ViewIP Address: 104.21.13.170 104.21.13.170
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.122.66
      Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
      Source: unknownTCP traffic detected without corresponding DNS query: 208.89.73.31
      Source: unknownTCP traffic detected without corresponding DNS query: 23.219.36.143
      Source: unknownTCP traffic detected without corresponding DNS query: 184.31.69.3
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au HTTP/1.1Host: cxxziu8prd.moydow.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cxxziu8prd.moydow.deConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.auAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficDNS traffic detected: DNS query: browser.events.data.msn.cn
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: cxxziu8prd.moydow.de
      Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
      Source: unknownHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742871123063&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 02:52:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeLast-Modified: Sun, 09 Mar 2025 09:49:27 GMTcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 925b1c801c9c5e67-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=97070&min_rtt=97013&rtt_var=20550&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1693&delivery_rate=38337&cwnd=218&unsent_bytes=0&cid=208cf8f6c667a764&ts=334&x=0"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 02:52:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeLast-Modified: Sun, 09 Mar 2025 09:49:27 GMTCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 925b1c847a331839-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=96702&min_rtt=96617&rtt_var=20511&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1640&delivery_rate=38452&cwnd=212&unsent_bytes=0&cid=0ecd412ca9c57d57&ts=336&x=0"
      Source: chromecache_48.1.drString found in binary or memory: http://hwsrv-1278837.hostwindsdns.com/
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir7304_1925727679Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir7304_1925727679Jump to behavior
      Source: classification engineClassification label: mal64.phis.winSVG@24/4@9/5
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\1513570779.svg"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
      Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
      Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
      Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
      Persistence: Browser Extensions (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
      Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
      Defense Evasion: Masquerading (1), Process Injection (1), File Deletion (1), Binary Padding
      Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
      Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
      Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
      Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
      Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
      Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
      Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction
      Behavior graph (image not reproduced). Behavior Graph ID: 1647621, Sample: 1513570779.svg, Startdate: 25/03/2025, Architecture: WINDOWS, Score: 64

      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      https://cxxziu8prd.moydow.de/favicon.ico | 100% | Avira URL Cloud | malware |
      http://hwsrv-1278837.hostwindsdns.com/ | 0% | Avira URL Cloud | safe |

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
      cxxziu8prd.moydow.de | 104.21.13.170 | true | false | | unknown
      www.google.com | 142.250.176.196 | true | false | | high
      onedscolprdwus16.westus.cloudapp.azure.com | 20.189.173.23 | true | false | | high
      browser.events.data.msn.cn | unknown | unknown | false | | high
      Name | Malicious | Antivirus Detection | Reputation
      https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742871123063&w=0&anoncknm=al_app_anon&NoResponseBody=true | false | | high
      https://cxxziu8prd.moydow.de/favicon.ico | false | Avira URL Cloud: malware | unknown
      https://a.nel.cloudflare.com/report/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D | false | | high
      https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au | false | | unknown
      https://a.nel.cloudflare.com/report/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D | false | | high
      Name | Source | Malicious | Antivirus Detection | Reputation
      http://hwsrv-1278837.hostwindsdns.com/ | chromecache_48.1.dr | false | Avira URL Cloud: safe | unknown
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      142.250.176.196 | www.google.com | United States | | 15169 | GOOGLEUS | false
      104.21.13.170 | cxxziu8prd.moydow.de | United States | | 13335 | CLOUDFLARENETUS | false
      35.190.80.1 | a.nel.cloudflare.com | United States | | 15169 | GOOGLEUS | false

      IP
      192.168.2.4
      192.168.2.24
                        Joe Sandbox version:42.0.0 Malachite
                        Analysis ID:1647621
                        Start date and time:2025-03-25 03:51:11 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 5m 13s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                        Number of analysed new started processes analysed:16
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:1513570779.svg
                        Detection:MAL
                        Classification:mal64.phis.winSVG@24/4@9/5
                        Cookbook Comments:
                        • Found application associated with file extension: .svg
                        • Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.40.227, 142.251.40.206, 142.250.65.238, 64.233.180.84, 142.250.176.206, 142.250.65.206, 142.250.81.238, 142.251.35.174, 142.251.41.10, 142.250.65.234, 142.250.72.106, 142.251.40.234, 142.250.80.106, 142.250.65.170, 142.250.64.74, 142.250.176.202, 142.251.40.202, 142.251.32.106, 142.250.80.74, 142.250.65.202, 142.250.81.234, 142.251.40.170, 142.250.64.106, 142.250.80.42, 142.251.40.238, 142.250.80.99, 142.251.40.99, 142.251.32.110, 142.250.80.110, 172.217.165.142, 172.202.163.200
                        • Excluded domains from analysis (whitelisted): clients1.google.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size getting too big, too many NtOpenFile calls found.
                        No simulations
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text
                                            Category:downloaded
                                            Size (bytes):1465
                                            Entropy (8bit):5.213319658132415
                                            Encrypted:false
                                            SSDEEP:24:hM0mIh5f0ARJsUYMD5zt7lODbdYO517l0jzRlw+w+w2w/fVE28QMU6d/iG80TV:lmIbf0A8UYMbQnr+zbH1TSi8MUsf
                                            MD5:0644CF2088F5C5358F47F6BCDBB41AD9
                                            SHA1:A08446D8D08464D3C9E240DD218F3C9475A1DC01
                                            SHA-256:163B55065C83DABC5EF88ABB0521B0BAF14B354BF0CE55B4A363568114A41183
                                            SHA-512:CE602AE36CC139CCAC71AE2C6344D5556E6CA7ED3093B88EA47A58AD77BE673D5EB6D3523892708410478629D8C094802621A5B8673D85193C930E6DE1B99CED
                                            Malicious:false
                                            Reputation:low
                                            URL:https://cxxziu8prd.moydow.de/favicon.ico
                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>. <title>404 &mdash; Not Found</title>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>. <meta name="description" content="Sorry, page not found"/>. <style type="text/css">. body {font-size:14px; color:#777777; font-family:arial; text-align:center;}. h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;}. h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;}. p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }. div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}. a:link {color: #34536A;}. a:visited {color: #34536A;}. a:active {color: #34536A;}. a:hover {color: #34536A;}. </style>.</h
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text
                                            Category:downloaded
                                            Size (bytes):1465
                                            Entropy (8bit):5.213319658132415
                                            Encrypted:false
                                            SSDEEP:24:hM0mIh5f0ARJsUYMD5zt7lODbdYO517l0jzRlw+w+w2w/fVE28QMU6d/iG80TV:lmIbf0A8UYMbQnr+zbH1TSi8MUsf
                                            MD5:0644CF2088F5C5358F47F6BCDBB41AD9
                                            SHA1:A08446D8D08464D3C9E240DD218F3C9475A1DC01
                                            SHA-256:163B55065C83DABC5EF88ABB0521B0BAF14B354BF0CE55B4A363568114A41183
                                            SHA-512:CE602AE36CC139CCAC71AE2C6344D5556E6CA7ED3093B88EA47A58AD77BE673D5EB6D3523892708410478629D8C094802621A5B8673D85193C930E6DE1B99CED
                                            Malicious:false
                                            Reputation:low
                                            URL:https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au
                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>. <title>404 &mdash; Not Found</title>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>. <meta name="description" content="Sorry, page not found"/>. <style type="text/css">. body {font-size:14px; color:#777777; font-family:arial; text-align:center;}. h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;}. h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;}. p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }. div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}. a:link {color: #34536A;}. a:visited {color: #34536A;}. a:active {color: #34536A;}. a:hover {color: #34536A;}. </style>.</h
                                            File type:HTML document, ASCII text, with very long lines (3399)
                                            Entropy (8bit):5.641109808890761
                                            TrID:
                                              File name:1513570779.svg
                                              File size:4'174 bytes
                                              MD5:06afa7ff339723165feb610c1a530c46
                                              SHA1:ea1706a8cf0f257ad55dd29bde7b0fb5c89bb14f
                                              SHA256:f2c28cb84714032ebf92bafe4e8341a9f3d1d8aedca7f8831617692e4d1771b5
                                              SHA512:9bb90dcf75075ecc34cd4f5b8560beac0f896dabff41a7f633ade229838793d7a6573cafaa3b96faa2cd176b96e9722653caba2c3aff7bb26e09fed4726c32eb
                                              SSDEEP:96:A451Zh5qEvErGOkjWcIbOnSdUwJhHNdpIzFxo15u:AkewErGOMWHOUUwHb6Fv
                                              TLSH:DF8123604C9F4E2C037441C3ECDD10CACB59E7D73A81E78DB68EAAF4A76652654CB4C9
                                              File Content Preview: The explorer composed a beautiful painting in the desert. -->.<svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%">. The child painted a curious thought while sailing across the seas. -->. <foreignObject width="100%" heig
                                              Icon Hash:173149cccc490307


                                              • Total Packets: 124
                                              • 443 (HTTPS)
                                              • 80 (HTTP)
                                              • 53 (DNS)
                                              Mar 25, 2025 03:54:26.650559902 CET60867443192.168.2.24142.250.176.196
                                              Mar 25, 2025 03:54:26.650600910 CET44360867142.250.176.196192.168.2.24
                                              TimestampSource PortDest PortSource IPDest IP
                                              Mar 25, 2025 03:52:03.584721088 CET6058453192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:03.725406885 CET53605841.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:11.408480883 CET53595671.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:11.520581007 CET53587071.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:12.181665897 CET53622751.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:15.667737961 CET5723453192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:15.668062925 CET6229853192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:15.765319109 CET53622981.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:15.765892029 CET53572341.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:16.663542032 CET5380753192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:16.663891077 CET6508753192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:16.675079107 CET5836353192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:16.675246000 CET6210053192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:16.878369093 CET53621001.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:16.894759893 CET53650871.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:16.899982929 CET53583631.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:16.900099993 CET53538071.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:17.450901031 CET5893053192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:17.451076984 CET6196353192.168.2.241.1.1.1
                                              Mar 25, 2025 03:52:17.548238039 CET53619631.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:17.551007032 CET53589301.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:29.201492071 CET53516031.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:36.086090088 CET137137192.168.2.24192.168.2.255
                                              Mar 25, 2025 03:52:36.836823940 CET137137192.168.2.24192.168.2.255
                                              Mar 25, 2025 03:52:37.586757898 CET137137192.168.2.24192.168.2.255
                                              Mar 25, 2025 03:52:41.034796953 CET53580471.1.1.1192.168.2.24
                                              Mar 25, 2025 03:52:48.313322067 CET53652131.1.1.1192.168.2.24
                                              Mar 25, 2025 03:53:10.720727921 CET53530471.1.1.1192.168.2.24
                                              Mar 25, 2025 03:53:11.161798000 CET53592711.1.1.1192.168.2.24
                                              Mar 25, 2025 03:53:14.008979082 CET53603831.1.1.1192.168.2.24
                                              Mar 25, 2025 03:53:41.750225067 CET53586011.1.1.1192.168.2.24
                                              Mar 25, 2025 03:54:26.756145954 CET53587641.1.1.1192.168.2.24
                                              Mar 25, 2025 03:54:26.922734976 CET138138192.168.2.24192.168.2.255
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Mar 25, 2025 03:52:16.900249958 CET | 192.168.2.24 | 1.1.1.1 | c21e | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 25, 2025 03:52:03.584721088 CET | 192.168.2.24 | 1.1.1.1 | 0x2d1d | Standard query (0) | browser.events.data.msn.cn | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:15.667737961 CET | 192.168.2.24 | 1.1.1.1 | 0xd39f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:15.668062925 CET | 192.168.2.24 | 1.1.1.1 | 0x837d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Mar 25, 2025 03:52:16.663542032 CET | 192.168.2.24 | 1.1.1.1 | 0x7990 | Standard query (0) | cxxziu8prd.moydow.de | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:16.663891077 CET | 192.168.2.24 | 1.1.1.1 | 0xc814 | Standard query (0) | cxxziu8prd.moydow.de | 65 | IN (0x0001) | false
Mar 25, 2025 03:52:16.675079107 CET | 192.168.2.24 | 1.1.1.1 | 0x6b9a | Standard query (0) | cxxziu8prd.moydow.de | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:16.675246000 CET | 192.168.2.24 | 1.1.1.1 | 0xf34 | Standard query (0) | cxxziu8prd.moydow.de | 65 | IN (0x0001) | false
Mar 25, 2025 03:52:17.450901031 CET | 192.168.2.24 | 1.1.1.1 | 0x84fc | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:17.451076984 CET | 192.168.2.24 | 1.1.1.1 | 0x2859 | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 25, 2025 03:52:03.725406885 CET | 1.1.1.1 | 192.168.2.24 | 0x2d1d | No error (0) | browser.events.data.msn.cn | global.asimov.events.data.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 25, 2025 03:52:03.725406885 CET | 1.1.1.1 | 192.168.2.24 | 0x2d1d | No error (0) | global.asimov.events.data.trafficmanager.net | onedscolprdwus16.westus.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001) | false
Mar 25, 2025 03:52:03.725406885 CET | 1.1.1.1 | 192.168.2.24 | 0x2d1d | No error (0) | onedscolprdwus16.westus.cloudapp.azure.com | | 20.189.173.23 | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:15.765319109 CET | 1.1.1.1 | 192.168.2.24 | 0x837d | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Mar 25, 2025 03:52:15.765892029 CET | 1.1.1.1 | 192.168.2.24 | 0xd39f | No error (0) | www.google.com | | 142.250.176.196 | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:16.878369093 CET | 1.1.1.1 | 192.168.2.24 | 0xf34 | No error (0) | cxxziu8prd.moydow.de | | | 65 | IN (0x0001) | false
Mar 25, 2025 03:52:16.894759893 CET | 1.1.1.1 | 192.168.2.24 | 0xc814 | No error (0) | cxxziu8prd.moydow.de | | | 65 | IN (0x0001) | false
Mar 25, 2025 03:52:16.899982929 CET | 1.1.1.1 | 192.168.2.24 | 0x6b9a | No error (0) | cxxziu8prd.moydow.de | | 104.21.13.170 | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:16.899982929 CET | 1.1.1.1 | 192.168.2.24 | 0x6b9a | No error (0) | cxxziu8prd.moydow.de | | 172.67.200.219 | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:16.900099993 CET | 1.1.1.1 | 192.168.2.24 | 0x7990 | No error (0) | cxxziu8prd.moydow.de | | 104.21.13.170 | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:16.900099993 CET | 1.1.1.1 | 192.168.2.24 | 0x7990 | No error (0) | cxxziu8prd.moydow.de | | 172.67.200.219 | A (IP address) | IN (0x0001) | false
Mar 25, 2025 03:52:17.551007032 CET | 1.1.1.1 | 192.168.2.24 | 0x84fc | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                                              • browser.events.data.msn.cn
                                              • cxxziu8prd.moydow.de
                                              • a.nel.cloudflare.com
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.24 | 60828 | 20.189.173.23 | 443
Timestamp | Bytes transferred | Direction | Data
2025-03-25 02:52:04 UTC | 473 | OUT | POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742871123063&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1
                                              Accept-Encoding: gzip, deflate
                                              Content-Length: 3656
                                              Content-Type: application/json; charset=UTF-8
                                              Host: browser.events.data.msn.cn
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
2025-03-25 02:52:04 UTC | 3656 | OUT | Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-03-25T02:51:53Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.24 | 60844 | 104.21.13.170 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-25 02:52:17 UTC | 1099 | OUT | GET /D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au HTTP/1.1
                                              Host: cxxziu8prd.moydow.de
                                              Connection: keep-alive
                                              Upgrade-Insecure-Requests: 1
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                              sec-ch-ua-mobile: ?0
                                              sec-ch-ua-platform: "Windows"
                                              Sec-Fetch-Site: cross-site
                                              Sec-Fetch-Mode: navigate
                                              Sec-Fetch-Dest: document
                                              Accept-Encoding: gzip, deflate, br, zstd
                                              Accept-Language: en-US,en;q=0.9
2025-03-25 02:52:17 UTC | 863 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 25 Mar 2025 02:52:17 GMT
                                              Content-Type: text/html
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Last-Modified: Sun, 09 Mar 2025 09:49:27 GMT
                                              cf-cache-status: DYNAMIC
                                              vary: accept-encoding
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 925b1c801c9c5e67-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=97070&min_rtt=97013&rtt_var=20550&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1693&delivery_rate=38337&cwnd=218&unsent_bytes=0&cid=208cf8f6c667a764&ts=334&x=0"
2025-03-25 02:52:17 UTC | 506 | IN | Data Ascii: 5b9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Con
2025-03-25 02:52:17 UTC | 966 | IN | Data Ascii: color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top:
2025-03-25 02:52:17 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.24 | 60845 | 35.190.80.1 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-25 02:52:17 UTC | 559 | OUT | OPTIONS /report/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D HTTP/1.1
                                              Host: a.nel.cloudflare.com
                                              Connection: keep-alive
                                              Origin: https://cxxziu8prd.moydow.de
                                              Access-Control-Request-Method: POST
                                              Access-Control-Request-Headers: content-type
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                              Accept-Encoding: gzip, deflate, br, zstd
                                              Accept-Language: en-US,en;q=0.9
2025-03-25 02:52:17 UTC | 336 | IN | HTTP/1.1 200 OK
                                              Content-Length: 0
                                              access-control-max-age: 86400
                                              access-control-allow-methods: OPTIONS, POST
                                              access-control-allow-origin: *
                                              access-control-allow-headers: content-type, content-length
                                              date: Tue, 25 Mar 2025 02:52:17 GMT
                                              Via: 1.1 google
                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.24 | 60846 | 104.21.13.170 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-25 02:52:17 UTC | 1046 | OUT | GET /favicon.ico HTTP/1.1
                                              Host: cxxziu8prd.moydow.de
                                              Connection: keep-alive
                                              sec-ch-ua-platform: "Windows"
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                              sec-ch-ua-mobile: ?0
                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                              Sec-Fetch-Site: same-origin
                                              Sec-Fetch-Mode: no-cors
                                              Sec-Fetch-Dest: image
                                              Referer: https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au
                                              Accept-Encoding: gzip, deflate, br, zstd
                                              Accept-Language: en-US,en;q=0.9
2025-03-25 02:52:18 UTC | 865 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 25 Mar 2025 02:52:18 GMT
                                              Content-Type: text/html
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Last-Modified: Sun, 09 Mar 2025 09:49:27 GMT
                                              Cache-Control: max-age=14400
                                              CF-Cache-Status: MISS
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 925b1c847a331839-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=96702&min_rtt=96617&rtt_var=20511&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1640&delivery_rate=38452&cwnd=212&unsent_bytes=0&cid=0ecd412ca9c57d57&ts=336&x=0"
2025-03-25 02:52:18 UTC | 504 | IN | Data Ascii: 5b9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Con
2025-03-25 02:52:18 UTC | 968 | IN | Data Ascii: x; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-to
2025-03-25 02:52:18 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.24 | 60847 | 35.190.80.1 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-25 02:52:18 UTC | 534 | OUT | POST /report/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D HTTP/1.1
                                              Host: a.nel.cloudflare.com
                                              Connection: keep-alive
                                              Content-Length: 834
                                              Content-Type: application/reports+json
                                              Origin: https://cxxziu8prd.moydow.de
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                              Accept-Encoding: gzip, deflate, br, zstd
                                              Accept-Language: en-US,en;q=0.9
2025-03-25 02:52:18 UTC | 834 | OUT | Data Ascii: [{"age":12,"body":{"elapsed_time":763,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.13.170","status_code":404,"type":"http.error"},"type":"network-error","url":"https://cxxziu8prd.moyd
2025-03-25 02:52:18 UTC | 214 | IN | HTTP/1.1 200 OK
                                              Content-Length: 0
                                              access-control-allow-origin: *
                                              vary: Origin
                                              date: Tue, 25 Mar 2025 02:52:17 GMT
                                              Via: 1.1 google
                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.24 | 60859 | 35.190.80.1 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-25 02:53:17 UTC | 557 | OUT | OPTIONS /report/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D HTTP/1.1
                                              Host: a.nel.cloudflare.com
                                              Connection: keep-alive
                                              Origin: https://cxxziu8prd.moydow.de
                                              Access-Control-Request-Method: POST
                                              Access-Control-Request-Headers: content-type
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                              Accept-Encoding: gzip, deflate, br, zstd
                                              Accept-Language: en-US,en;q=0.9
2025-03-25 02:53:17 UTC | 336 | IN | HTTP/1.1 200 OK
                                              Content-Length: 0
                                              access-control-max-age: 86400
                                              access-control-allow-methods: POST, OPTIONS
                                              access-control-allow-origin: *
                                              access-control-allow-headers: content-type, content-length
                                              date: Tue, 25 Mar 2025 02:53:17 GMT
                                              Via: 1.1 google
                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.24 | 60860 | 35.190.80.1 | 443 | 7500 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2025-03-25 02:53:18 UTC | 532 | OUT | POST /report/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D HTTP/1.1
                                              Host: a.nel.cloudflare.com
                                              Connection: keep-alive
                                              Content-Length: 877
                                              Content-Type: application/reports+json
                                              Origin: https://cxxziu8prd.moydow.de
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                              Accept-Encoding: gzip, deflate, br, zstd
                                              Accept-Language: en-US,en;q=0.9
                                              2025-03-25 02:53:18 UTC | 877 | OUT | Data Ascii: [{"age":59306,"body":{"elapsed_time":533,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMc
                                              2025-03-25 02:53:18 UTC | 214 | IN | HTTP/1.1 200 OK
                                              Content-Length: 0
                                              access-control-allow-origin: *
                                              vary: Origin
                                              date: Tue, 25 Mar 2025 02:53:17 GMT
                                              Via: 1.1 google
                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                              Connection: close



                                              Target ID: 0
                                              Start time: 22:52:08
                                              Start date: 24/03/2025
                                              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                              Wow64 process (32bit): false
                                              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                              Imagebase: 0x7ff64ad70000
                                              File size: 3'384'928 bytes
                                              MD5 hash: DBE43C1D0092437B88CFF7BD9ABC336C
                                              Has elevated privileges: true
                                              Has administrator privileges: true
                                              Programmed in: C, C++ or other language
                                              Reputation: moderate
                                              Has exited: false

                                              Target ID: 1
                                              Start time: 22:52:09
                                              Start date: 24/03/2025
                                              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                              Wow64 process (32bit): false
                                              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11
                                              Imagebase: 0x7ff64ad70000
                                              File size: 3'384'928 bytes
                                              MD5 hash: DBE43C1D0092437B88CFF7BD9ABC336C
                                              Has elevated privileges: true
                                              Has administrator privileges: true
                                              Programmed in: C, C++ or other language
                                              Reputation: moderate
                                              Has exited: false

                                              Target ID: 6
                                              Start time: 22:52:16
                                              Start date: 24/03/2025
                                              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                              Wow64 process (32bit): false
                                              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\1513570779.svg"
                                              Imagebase: 0x7ff64ad70000
                                              File size: 3'384'928 bytes
                                              MD5 hash: DBE43C1D0092437B88CFF7BD9ABC336C
                                              Has elevated privileges: true
                                              Has administrator privileges: true
                                              Programmed in: C, C++ or other language
                                              Reputation: moderate
                                              Has exited: true

                                              No disassembly