Edit tour

Windows Analysis Report
1513570779.svg

Overview

General Information

Sample name:	1513570779.svg
Analysis ID:	1647621
MD5:	06afa7ff339723165feb610c1a530c46
SHA1:	ea1706a8cf0f257ad55dd29bde7b0fb5c89bb14f
SHA256:	f2c28cb84714032ebf92bafe4e8341a9f3d1d8aedca7f8831617692e4d1771b5
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish80

AI detected suspicious Javascript

Yara detected JavaScript embedded in SVG

Creates files inside the system directory

Deletes files inside the Windows folder

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Classification

Process Tree

System is w11x64_office

chrome.exe (PID: 7304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 7500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

chrome.exe (PID: 7180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\1513570779.svg" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
1513570779.svg	JoeSecurity_JavaScriptembeddedinSVG	Yara detected JavaScript embedded in SVG	Joe Security
1513570779.svg	JoeSecurity_HtmlPhish_80	Yara detected HtmlPhish_80	Joe Security

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://cxxziu8prd.moydow.de/favicon.ico

Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish80

Source: Yara match

File source: 1513570779.svg, type: SAMPLE

AI detected suspicious Javascript

Source: 0.1..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: data:application/ecmascript;base64,dHJ5IHsKICAgIGZ... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The `duruwo` function appears to be decoding a heavily encoded string, which could be used to redirect the user to a malicious website or execute arbitrary code. Additionally, the script attempts to modify the DOM by setting the `href` and `style.display` properties of an element, which could be part of a phishing or malware attack. Overall, this script demonstrates a high level of suspicious activity and should be treated with caution.

Yara detected JavaScript embedded in SVG

Source: Yara match

File source: 1513570779.svg, type: SAMPLE

Source: https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 142.250.176.196:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.176.196:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.13.170:443 -> 192.168.2.24:60844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.24:60845 version: TLS 1.2

Source: global traffic

HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742871123063&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 3656Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View

IP Address: 104.21.13.170 104.21.13.170

Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.31
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.31
Source: unknown	TCP traffic detected without corresponding DNS query: 208.89.73.31
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.36.143
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.36.143
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.36.143
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.36.143
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.36.143
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.36.143
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.122.66
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au HTTP/1.1Host: cxxziu8prd.moydow.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cxxziu8prd.moydow.deConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.auAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: browser.events.data.msn.cn
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cxxziu8prd.moydow.de
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 02:52:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeLast-Modified: Sun, 09 Mar 2025 09:49:27 GMTcf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 925b1c801c9c5e67-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=97070&min_rtt=97013&rtt_var=20550&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1693&delivery_rate=38337&cwnd=218&unsent_bytes=0&cid=208cf8f6c667a764&ts=334&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 02:52:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeLast-Modified: Sun, 09 Mar 2025 09:49:27 GMTCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 925b1c847a331839-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=96702&min_rtt=96617&rtt_var=20511&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1640&delivery_rate=38452&cwnd=212&unsent_bytes=0&cid=0ecd412ca9c57d57&ts=336&x=0"

Source: chromecache_48.1.dr

String found in binary or memory: http://hwsrv-1278837.hostwindsdns.com/

Source: unknown	Network traffic detected: HTTP traffic on port 60825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60838
Source: unknown	Network traffic detected: HTTP traffic on port 60821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60859
Source: unknown	Network traffic detected: HTTP traffic on port 60867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60857
Source: unknown	Network traffic detected: HTTP traffic on port 60847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60828
Source: unknown	Network traffic detected: HTTP traffic on port 60818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60846
Source: unknown	Network traffic detected: HTTP traffic on port 60828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60821

Source: unknown	HTTPS traffic detected: 142.250.176.196:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.176.196:443 -> 192.168.2.24:60838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.13.170:443 -> 192.168.2.24:60844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.24:60845 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir7304_1925727679

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir7304_1925727679

Jump to behavior

Source: classification engine

Classification label: mal64.phis.winSVG@24/4@9/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\1513570779.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://cxxziu8prd.moydow.de/favicon.ico	100%	Avira URL Cloud	malware
http://hwsrv-1278837.hostwindsdns.com/	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
cxxziu8prd.moydow.de	104.21.13.170	true	false	unknown
www.google.com	142.250.176.196	true	false	high
onedscolprdwus16.westus.cloudapp.azure.com	20.189.173.23	true	false	high
browser.events.data.msn.cn	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742871123063&w=0&anoncknm=al_app_anon&NoResponseBody=true	false		high
https://cxxziu8prd.moydow.de/favicon.ico	false	Avira URL Cloud: malware	unknown
https://a.nel.cloudflare.com/report/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D	false		high
https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au	false		unknown
https://a.nel.cloudflare.com/report/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://hwsrv-1278837.hostwindsdns.com/	chromecache_48.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.176.196	www.google.com	United States	15169	GOOGLEUS	false
104.21.13.170	cxxziu8prd.moydow.de	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1647621
Start date and time:	2025-03-25 03:51:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1513570779.svg
Detection:	MAL
Classification:	mal64.phis.winSVG@24/4@9/5
Cookbook Comments:	Found application associated with file extension: .svg

Warnings

Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.40.227, 142.251.40.206, 142.250.65.238, 64.233.180.84, 142.250.176.206, 142.250.65.206, 142.250.81.238, 142.251.35.174, 142.251.41.10, 142.250.65.234, 142.250.72.106, 142.251.40.234, 142.250.80.106, 142.250.65.170, 142.250.64.74, 142.250.176.202, 142.251.40.202, 142.251.32.106, 142.250.80.74, 142.250.65.202, 142.250.81.234, 142.251.40.170, 142.250.64.106, 142.250.80.42, 142.251.40.238, 142.250.80.99, 142.251.40.99, 142.251.32.110, 142.250.80.110, 172.217.165.142, 172.202.163.200
Excluded domains from analysis (whitelisted): clients1.google.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.21.13.170	https://jjwnqc57oa.moydow.de/OurwTNnCrV6tWwLFmIi6r01G2wh3iXEPBcvLfaU4bI3dINoKYDsy8DPip8eUPK818NHnY7W260XuQXgUMWNf9wvBwK2UzrLtF7P3ei3aqnS4BV80Y9bO7FmA7mCD3MY9B4cYlwgEzQmQ6MHvuqx1ZrBwwaRC237A6GjmKC57pnsMK8Dmx4dJQyz6eoCHXRnwaWkrv0eY/0LMlDHhmtYT07OntFIMX71Hf2EPAEm5dCQv96aB0YBqTPsS2EGdF7HRHIqWbdQKTe6KvQof0sVGuJnfwXYfBDdWn5TpG9hgyZrpVIWAvuHZRDoMWSumcdJOgNJO44QXHUf10mTao958pd0iHLCinIRVQVKp8VGxwtZWlZ3zb9JyGoTEIvEaLLLTqmZc4PxGsMAEALOfW/john.walker@gmail.com	Get hash	malicious	Unknown	Browse
	6650304952_.svg	Get hash	malicious	HTMLPhisher	Browse
	6650304952_.svg	Get hash	malicious	HTMLPhisher	Browse
	6650304952_.svg	Get hash	malicious	HTMLPhisher	Browse
	message__0XSkcQEiS5ehXOfhSk9JKw_geopod_ismtpd_30_.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	https://vwj9ymusjv9xeh65cf602u2rmsnkbyf2u7lxtnawlaim1gvceu.moydow.de/5417971987/6327230191/#bnBkL3NmdW9mZGJvYnlmdUFob2p0Ymlkc3ZxJTBsU3RkM0cwdnMvbmJmeXN1VGZ1ekMvezJsdWZxUFhXV0wyNVRmOXZqWkk5eUZbbXJie04xTTZIREp2cGN5dTlRMzplOFZkVEQwMDt0cXV1aQ==	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	e8iuAWz9pB.exe	Get hash	malicious	Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	Ux0uyPZABV.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse
	g2nXBEjfVF.exe	Get hash	malicious	Glupteba, Mars Stealer, Stealc, Vidar	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.1033.1898.exe	Get hash	malicious	Amadey, Mars Stealer, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, Vidar	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://jainiklifesciences.com/proposals	Get hash	malicious	HTMLPhisher	Browse	104.19.229.21
	https://jainiklifesciences.com/proposals	Get hash	malicious	Unknown	Browse	104.19.230.21
	https://jainiklifesciences.com/proposals	Get hash	malicious	HTMLPhisher	Browse	104.19.230.21
	https://jainiklifesciences.com/proposals	Get hash	malicious	Unknown	Browse	104.19.230.21
	rShippingDocumentsCopies.exe	Get hash	malicious	FormBook	Browse	104.21.75.153
	https://url.us.m.mimecastprotect.com/s/nZZ9Crkg3MtnDD2GHzh7U48vkg?domain=orangeconnection.org	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.25.14
	SWIFT MT103.Pdf.exe	Get hash	malicious	FormBook	Browse	104.21.96.1
	https://sallybarmescounsellor.co.uk/pad4.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	104.21.112.1
	P.O.exe	Get hash	malicious	FormBook	Browse	104.21.112.1
	http://nicholsoncop.com/	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	172.67.194.216

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1465
Entropy (8bit):	5.213319658132415
Encrypted:	false
SSDEEP:	24:hM0mIh5f0ARJsUYMD5zt7lODbdYO517l0jzRlw+w+w2w/fVE28QMU6d/iG80TV:lmIbf0A8UYMbQnr+zbH1TSi8MUsf
MD5:	0644CF2088F5C5358F47F6BCDBB41AD9
SHA1:	A08446D8D08464D3C9E240DD218F3C9475A1DC01
SHA-256:	163B55065C83DABC5EF88ABB0521B0BAF14B354BF0CE55B4A363568114A41183
SHA-512:	CE602AE36CC139CCAC71AE2C6344D5556E6CA7ED3093B88EA47A58AD77BE673D5EB6D3523892708410478629D8C094802621A5B8673D85193C930E6DE1B99CED
Malicious:	false
Reputation:	low
URL:	https://cxxziu8prd.moydow.de/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>. <title>404 — Not Found</title>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>. <meta name="description" content="Sorry, page not found"/>. <style type="text/css">. body {font-size:14px; color:#777777; font-family:arial; text-align:center;}. h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;}. h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;}. p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }. div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}. a:link {color: #34536A;}. a:visited {color: #34536A;}. a:active {color: #34536A;}. a:hover {color: #34536A;}. </style>.</h

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1465
Entropy (8bit):	5.213319658132415
Encrypted:	false
SSDEEP:	24:hM0mIh5f0ARJsUYMD5zt7lODbdYO517l0jzRlw+w+w2w/fVE28QMU6d/iG80TV:lmIbf0A8UYMbQnr+zbH1TSi8MUsf
MD5:	0644CF2088F5C5358F47F6BCDBB41AD9
SHA1:	A08446D8D08464D3C9E240DD218F3C9475A1DC01
SHA-256:	163B55065C83DABC5EF88ABB0521B0BAF14B354BF0CE55B4A363568114A41183
SHA-512:	CE602AE36CC139CCAC71AE2C6344D5556E6CA7ED3093B88EA47A58AD77BE673D5EB6D3523892708410478629D8C094802621A5B8673D85193C930E6DE1B99CED
Malicious:	false
Reputation:	low
URL:	https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>. <title>404 — Not Found</title>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>. <meta name="description" content="Sorry, page not found"/>. <style type="text/css">. body {font-size:14px; color:#777777; font-family:arial; text-align:center;}. h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;}. h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;}. p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px }. div {width:320px; text-align:center; margin-left:auto;margin-right:auto;}. a:link {color: #34536A;}. a:visited {color: #34536A;}. a:active {color: #34536A;}. a:hover {color: #34536A;}. </style>.</h

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (3399)
Entropy (8bit):	5.641109808890761
TrID:
File name:	1513570779.svg
File size:	4'174 bytes
MD5:	06afa7ff339723165feb610c1a530c46
SHA1:	ea1706a8cf0f257ad55dd29bde7b0fb5c89bb14f
SHA256:	f2c28cb84714032ebf92bafe4e8341a9f3d1d8aedca7f8831617692e4d1771b5
SHA512:	9bb90dcf75075ecc34cd4f5b8560beac0f896dabff41a7f633ade229838793d7a6573cafaa3b96faa2cd176b96e9722653caba2c3aff7bb26e09fed4726c32eb
SSDEEP:	96:A451Zh5qEvErGOkjWcIbOnSdUwJhHNdpIzFxo15u:AkewErGOMWHOUUwHb6Fv
TLSH:	DF8123604C9F4E2C037441C3ECDD10CACB59E7D73A81E78DB68EAAF4A76652654CB4C9
File Content Preview:	The explorer composed a beautiful painting in the desert. -->.<svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%">. The child painted a curious thought while sailing across the seas. -->. <foreignObject width="100%" heig

File Icon


Icon Hash:	173149cccc490307

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 124
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 03:52:03.728663921 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:03.728710890 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:03.728830099 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:03.731106997 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:03.731127024 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:04.254158020 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:04.254329920 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.266537905 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.266556025 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:04.268853903 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:04.268953085 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.274266958 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.274370909 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:04.274429083 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.274451971 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:04.274497032 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.274677992 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.274801016 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.274840117 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:04.276237011 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:04.276299953 CET	443	60828	20.189.173.23	192.168.2.24
Mar 25, 2025 03:52:04.276364088 CET	60828	443	192.168.2.24	20.189.173.23
Mar 25, 2025 03:52:15.767205954 CET	60838	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:52:15.767236948 CET	443	60838	142.250.176.196	192.168.2.24
Mar 25, 2025 03:52:15.767328978 CET	60838	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:52:15.767762899 CET	60838	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:52:15.767774105 CET	443	60838	142.250.176.196	192.168.2.24
Mar 25, 2025 03:52:15.961306095 CET	443	60838	142.250.176.196	192.168.2.24
Mar 25, 2025 03:52:15.961422920 CET	60838	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:52:15.962733030 CET	60838	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:52:15.962743998 CET	443	60838	142.250.176.196	192.168.2.24
Mar 25, 2025 03:52:15.962979078 CET	443	60838	142.250.176.196	192.168.2.24
Mar 25, 2025 03:52:16.010215998 CET	60838	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:52:16.907763004 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:16.907793999 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:16.907994032 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:16.908236980 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:16.908246994 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.115549088 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.115696907 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.116941929 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.116945982 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.117160082 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.119373083 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.164313078 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.436999083 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.437040091 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.437114000 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.437226057 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.437226057 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.440325975 CET	60844	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.440346956 CET	443	60844	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.551871061 CET	60845	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.551918983 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.551979065 CET	60845	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.552722931 CET	60845	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.552733898 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.610816956 CET	60846	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.610872984 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.610960007 CET	60846	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.611357927 CET	60846	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.611376047 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.739835024 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.739897013 CET	60845	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.765163898 CET	60845	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.765202999 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.765466928 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.766102076 CET	60845	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.812325001 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.813015938 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.813925028 CET	60846	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.813939095 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.814502001 CET	60846	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:17.814508915 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:17.945297956 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.945369959 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.945420027 CET	60845	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.948904037 CET	60845	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.948930025 CET	443	60845	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.949891090 CET	60847	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.949928045 CET	443	60847	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:17.950001001 CET	60847	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.950140953 CET	60847	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:17.950153112 CET	443	60847	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:18.134262085 CET	443	60847	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:18.137485027 CET	60847	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:18.137499094 CET	443	60847	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:18.140686989 CET	60847	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:18.140692949 CET	443	60847	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:18.142187119 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:18.142234087 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:18.142287016 CET	60846	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:18.142302036 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:18.142366886 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:18.142417908 CET	60846	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:18.169084072 CET	60846	443	192.168.2.24	104.21.13.170
Mar 25, 2025 03:52:18.169115067 CET	443	60846	104.21.13.170	192.168.2.24
Mar 25, 2025 03:52:18.346885920 CET	443	60847	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:18.346937895 CET	443	60847	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:18.346998930 CET	60847	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:18.347446918 CET	60847	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:52:18.347487926 CET	443	60847	35.190.80.1	192.168.2.24
Mar 25, 2025 03:52:23.026024103 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.026139021 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.026170015 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.193572044 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.194010019 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.194025040 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.441596985 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.441673040 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.480377913 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.480396032 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.480542898 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.486706972 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.651647091 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.691634893 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.691816092 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.692418098 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.692471981 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.693259001 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.858804941 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.960494995 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.960652113 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:23.974195004 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:52:23.974272966 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:52:26.006078959 CET	443	60838	142.250.176.196	192.168.2.24
Mar 25, 2025 03:52:26.006207943 CET	443	60838	142.250.176.196	192.168.2.24
Mar 25, 2025 03:52:26.006342888 CET	60838	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:52:27.303198099 CET	60838	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:52:27.303226948 CET	443	60838	142.250.176.196	192.168.2.24
Mar 25, 2025 03:52:45.796128988 CET	80	60820	23.203.176.221	192.168.2.24
Mar 25, 2025 03:52:45.796226978 CET	60820	80	192.168.2.24	23.203.176.221
Mar 25, 2025 03:52:45.796264887 CET	60820	80	192.168.2.24	23.203.176.221
Mar 25, 2025 03:52:46.102071047 CET	60820	80	192.168.2.24	23.203.176.221
Mar 25, 2025 03:52:46.191451073 CET	80	60820	23.203.176.221	192.168.2.24
Mar 25, 2025 03:52:54.268898010 CET	80	60819	208.89.73.31	192.168.2.24
Mar 25, 2025 03:52:54.269023895 CET	60819	80	192.168.2.24	208.89.73.31
Mar 25, 2025 03:52:54.269100904 CET	60819	80	192.168.2.24	208.89.73.31
Mar 25, 2025 03:52:54.571548939 CET	60819	80	192.168.2.24	208.89.73.31
Mar 25, 2025 03:52:54.665515900 CET	80	60819	208.89.73.31	192.168.2.24
Mar 25, 2025 03:53:15.731424093 CET	60857	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:53:15.731518030 CET	443	60857	142.250.176.196	192.168.2.24
Mar 25, 2025 03:53:15.731606007 CET	60857	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:53:15.731875896 CET	60857	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:53:15.731911898 CET	443	60857	142.250.176.196	192.168.2.24
Mar 25, 2025 03:53:15.927942991 CET	443	60857	142.250.176.196	192.168.2.24
Mar 25, 2025 03:53:15.928284883 CET	60857	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:53:15.928311110 CET	443	60857	142.250.176.196	192.168.2.24
Mar 25, 2025 03:53:17.456861973 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.456907988 CET	443	60859	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.457000971 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.459916115 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.459935904 CET	443	60859	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.644263029 CET	443	60859	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.644510031 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.644532919 CET	443	60859	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.644668102 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.644674063 CET	443	60859	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.856889963 CET	443	60859	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.857081890 CET	443	60859	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.857187986 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.857449055 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.857465029 CET	443	60859	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.857474089 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.857723951 CET	60859	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.858409882 CET	60860	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.858453989 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:17.858571053 CET	60860	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.858897924 CET	60860	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:17.858912945 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:18.042943954 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:18.043309927 CET	60860	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:18.043340921 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:18.043596983 CET	60860	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:18.043602943 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:18.043632030 CET	60860	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:18.043636084 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:18.247828960 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:18.247936964 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:18.247991085 CET	60860	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:18.248286009 CET	60860	443	192.168.2.24	35.190.80.1
Mar 25, 2025 03:53:18.248301029 CET	443	60860	35.190.80.1	192.168.2.24
Mar 25, 2025 03:53:25.932986021 CET	443	60857	142.250.176.196	192.168.2.24
Mar 25, 2025 03:53:25.933056116 CET	443	60857	142.250.176.196	192.168.2.24
Mar 25, 2025 03:53:25.933137894 CET	60857	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:53:27.776110888 CET	60857	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:53:27.776190042 CET	443	60857	142.250.176.196	192.168.2.24
Mar 25, 2025 03:53:43.649188042 CET	60818	443	192.168.2.24	23.219.36.143
Mar 25, 2025 03:53:43.738920927 CET	443	60818	23.219.36.143	192.168.2.24
Mar 25, 2025 03:53:43.738948107 CET	443	60818	23.219.36.143	192.168.2.24
Mar 25, 2025 03:53:43.739125013 CET	60818	443	192.168.2.24	23.219.36.143
Mar 25, 2025 03:53:43.739125967 CET	60818	443	192.168.2.24	23.219.36.143
Mar 25, 2025 03:53:45.353984118 CET	60821	443	192.168.2.24	23.219.36.143
Mar 25, 2025 03:53:45.443393946 CET	443	60821	23.219.36.143	192.168.2.24
Mar 25, 2025 03:53:45.443470001 CET	60821	443	192.168.2.24	23.219.36.143
Mar 25, 2025 03:53:45.443505049 CET	443	60821	23.219.36.143	192.168.2.24
Mar 25, 2025 03:53:45.443553925 CET	60821	443	192.168.2.24	23.219.36.143
Mar 25, 2025 03:53:49.649780989 CET	60825	443	192.168.2.24	184.31.69.3
Mar 25, 2025 03:53:49.739244938 CET	443	60825	184.31.69.3	192.168.2.24
Mar 25, 2025 03:53:49.739269972 CET	443	60825	184.31.69.3	192.168.2.24
Mar 25, 2025 03:53:49.739362001 CET	60825	443	192.168.2.24	184.31.69.3
Mar 25, 2025 03:53:49.739408970 CET	60825	443	192.168.2.24	184.31.69.3
Mar 25, 2025 03:53:50.181075096 CET	60826	443	192.168.2.24	184.31.69.3
Mar 25, 2025 03:53:50.271173954 CET	443	60826	184.31.69.3	192.168.2.24
Mar 25, 2025 03:53:50.271230936 CET	443	60826	184.31.69.3	192.168.2.24
Mar 25, 2025 03:53:50.271429062 CET	60826	443	192.168.2.24	184.31.69.3
Mar 25, 2025 03:53:50.271534920 CET	60826	443	192.168.2.24	184.31.69.3
Mar 25, 2025 03:54:15.790678978 CET	60867	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:54:15.790738106 CET	443	60867	142.250.176.196	192.168.2.24
Mar 25, 2025 03:54:15.790853024 CET	60867	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:54:15.791034937 CET	60867	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:54:15.791057110 CET	443	60867	142.250.176.196	192.168.2.24
Mar 25, 2025 03:54:15.977682114 CET	443	60867	142.250.176.196	192.168.2.24
Mar 25, 2025 03:54:15.980850935 CET	60867	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:54:15.980885983 CET	443	60867	142.250.176.196	192.168.2.24
Mar 25, 2025 03:54:24.024432898 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:54:24.024456978 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:54:24.024504900 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:54:24.024542093 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:54:24.024641037 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:54:24.336563110 CET	60817	443	192.168.2.24	2.19.122.66
Mar 25, 2025 03:54:24.501794100 CET	443	60817	2.19.122.66	192.168.2.24
Mar 25, 2025 03:54:25.980698109 CET	443	60867	142.250.176.196	192.168.2.24
Mar 25, 2025 03:54:25.980835915 CET	443	60867	142.250.176.196	192.168.2.24
Mar 25, 2025 03:54:25.980932951 CET	60867	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:54:26.650559902 CET	60867	443	192.168.2.24	142.250.176.196
Mar 25, 2025 03:54:26.650600910 CET	443	60867	142.250.176.196	192.168.2.24

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 03:52:03.584721088 CET	60584	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:03.725406885 CET	53	60584	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:11.408480883 CET	53	59567	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:11.520581007 CET	53	58707	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:12.181665897 CET	53	62275	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:15.667737961 CET	57234	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:15.668062925 CET	62298	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:15.765319109 CET	53	62298	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:15.765892029 CET	53	57234	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:16.663542032 CET	53807	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:16.663891077 CET	65087	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:16.675079107 CET	58363	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:16.675246000 CET	62100	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:16.878369093 CET	53	62100	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:16.894759893 CET	53	65087	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:16.899982929 CET	53	58363	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:16.900099993 CET	53	53807	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:17.450901031 CET	58930	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:17.451076984 CET	61963	53	192.168.2.24	1.1.1.1
Mar 25, 2025 03:52:17.548238039 CET	53	61963	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:17.551007032 CET	53	58930	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:29.201492071 CET	53	51603	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:36.086090088 CET	137	137	192.168.2.24	192.168.2.255
Mar 25, 2025 03:52:36.836823940 CET	137	137	192.168.2.24	192.168.2.255
Mar 25, 2025 03:52:37.586757898 CET	137	137	192.168.2.24	192.168.2.255
Mar 25, 2025 03:52:41.034796953 CET	53	58047	1.1.1.1	192.168.2.24
Mar 25, 2025 03:52:48.313322067 CET	53	65213	1.1.1.1	192.168.2.24
Mar 25, 2025 03:53:10.720727921 CET	53	53047	1.1.1.1	192.168.2.24
Mar 25, 2025 03:53:11.161798000 CET	53	59271	1.1.1.1	192.168.2.24
Mar 25, 2025 03:53:14.008979082 CET	53	60383	1.1.1.1	192.168.2.24
Mar 25, 2025 03:53:41.750225067 CET	53	58601	1.1.1.1	192.168.2.24
Mar 25, 2025 03:54:26.756145954 CET	53	58764	1.1.1.1	192.168.2.24
Mar 25, 2025 03:54:26.922734976 CET	138	138	192.168.2.24	192.168.2.255

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 25, 2025 03:52:16.900249958 CET	192.168.2.24	1.1.1.1	c21e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 25, 2025 03:52:03.584721088 CET	192.168.2.24	1.1.1.1	0x2d1d	Standard query (0)	browser.events.data.msn.cn	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:15.667737961 CET	192.168.2.24	1.1.1.1	0xd39f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:15.668062925 CET	192.168.2.24	1.1.1.1	0x837d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 25, 2025 03:52:16.663542032 CET	192.168.2.24	1.1.1.1	0x7990	Standard query (0)	cxxziu8prd.moydow.de	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:16.663891077 CET	192.168.2.24	1.1.1.1	0xc814	Standard query (0)	cxxziu8prd.moydow.de	65	IN (0x0001)	false
Mar 25, 2025 03:52:16.675079107 CET	192.168.2.24	1.1.1.1	0x6b9a	Standard query (0)	cxxziu8prd.moydow.de	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:16.675246000 CET	192.168.2.24	1.1.1.1	0xf34	Standard query (0)	cxxziu8prd.moydow.de	65	IN (0x0001)	false
Mar 25, 2025 03:52:17.450901031 CET	192.168.2.24	1.1.1.1	0x84fc	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:17.451076984 CET	192.168.2.24	1.1.1.1	0x2859	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 25, 2025 03:52:03.725406885 CET	1.1.1.1	192.168.2.24	0x2d1d	No error (0)	browser.events.data.msn.cn	global.asimov.events.data.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 25, 2025 03:52:03.725406885 CET	1.1.1.1	192.168.2.24	0x2d1d	No error (0)	global.asimov.events.data.trafficmanager.net	onedscolprdwus16.westus.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 25, 2025 03:52:03.725406885 CET	1.1.1.1	192.168.2.24	0x2d1d	No error (0)	onedscolprdwus16.westus.cloudapp.azure.com		20.189.173.23	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:15.765319109 CET	1.1.1.1	192.168.2.24	0x837d	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 25, 2025 03:52:15.765892029 CET	1.1.1.1	192.168.2.24	0xd39f	No error (0)	www.google.com		142.250.176.196	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:16.878369093 CET	1.1.1.1	192.168.2.24	0xf34	No error (0)	cxxziu8prd.moydow.de			65	IN (0x0001)	false
Mar 25, 2025 03:52:16.894759893 CET	1.1.1.1	192.168.2.24	0xc814	No error (0)	cxxziu8prd.moydow.de			65	IN (0x0001)	false
Mar 25, 2025 03:52:16.899982929 CET	1.1.1.1	192.168.2.24	0x6b9a	No error (0)	cxxziu8prd.moydow.de		104.21.13.170	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:16.899982929 CET	1.1.1.1	192.168.2.24	0x6b9a	No error (0)	cxxziu8prd.moydow.de		172.67.200.219	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:16.900099993 CET	1.1.1.1	192.168.2.24	0x7990	No error (0)	cxxziu8prd.moydow.de		104.21.13.170	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:16.900099993 CET	1.1.1.1	192.168.2.24	0x7990	No error (0)	cxxziu8prd.moydow.de		172.67.200.219	A (IP address)	IN (0x0001)	false
Mar 25, 2025 03:52:17.551007032 CET	1.1.1.1	192.168.2.24	0x84fc	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

browser.events.data.msn.cn

cxxziu8prd.moydow.de

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.24	60828	20.189.173.23	443

Timestamp	Bytes transferred	Direction	Data
2025-03-25 02:52:04 UTC	473	OUT	POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1742871123063&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1 Accept-Encoding: gzip, deflate Content-Length: 3656 Content-Type: application/json; charset=UTF-8 Host: browser.events.data.msn.cn Connection: Keep-Alive Cache-Control: no-cache
2025-03-25 02:52:04 UTC	3656	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 53 65 72 76 65 72 4c 6f 67 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 63 34 39 38 37 31 31 66 30 32 36 35 34 65 64 63 61 38 61 37 31 35 63 61 36 65 31 63 62 34 64 34 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 33 2d 32 35 54 30 32 3a 35 31 3a 35 33 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 64 61 74 61 22 3a 7b 22 70 61 67 65 22 3a 7b 22 70 72 6f 64 75 63 74 22 3a 22 65 6e 74 77 69 6e 64 6f 77 73 64 61 73 68 22 2c 22 61 70 70 54 79 70 65 22 3a 22 77 69 6e 57 69 64 67 65 74 73 22 2c 22 6e 61 6d 65 22 3a 22 77 69 6e 70 32 62 61 63 6b 69 6e 67 61 70 70 22 2c 22 69 73 4d 6f 63 6b 45 6e 76 22 3a 66 61 6c 73 65 2c 22 68 6f 73 74 56 65 72 22 3a 22 35 32 34 2e 33 30 35 30 32 2e 33 30 2e 30 22 2c 22 Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-03-25T02:51:53Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.24	60844	104.21.13.170	443	7500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 02:52:17 UTC	1099	OUT	GET /D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au HTTP/1.1 Host: cxxziu8prd.moydow.de Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 02:52:17 UTC	863	IN	HTTP/1.1 404 Not Found Date: Tue, 25 Mar 2025 02:52:17 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Last-Modified: Sun, 09 Mar 2025 09:49:27 GMT cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 925b1c801c9c5e67-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=97070&min_rtt=97013&rtt_var=20550&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1693&delivery_rate=38337&cwnd=218&unsent_bytes=0&cid=208cf8f6c667a764&ts=334&x=0"
2025-03-25 02:52:17 UTC	506	IN	Data Raw: 35 62 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 26 6d 64 61 73 68 3b 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e Data Ascii: 5b9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 — Not Found</title> <meta http-equiv="Con
2025-03-25 02:52:17 UTC	966	IN	Data Raw: 20 63 6f 6c 6f 72 3a 23 39 39 41 37 41 46 3b 20 6d 61 72 67 69 6e 3a 20 37 30 70 78 20 30 20 30 20 30 3b 7d 0a 20 20 20 20 20 20 20 20 68 32 20 7b 63 6f 6c 6f 72 3a 20 23 44 45 36 43 35 44 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 31 70 78 3b 20 6d 61 72 67 69 6e 3a 20 2d 33 70 78 20 30 20 33 39 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 70 20 7b 77 69 64 74 68 3a 33 32 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a Data Ascii: color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top:
2025-03-25 02:52:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.24	60845	35.190.80.1	443	7500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 02:52:17 UTC	559	OUT	OPTIONS /report/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://cxxziu8prd.moydow.de Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 02:52:17 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 25 Mar 2025 02:52:17 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.24	60846	104.21.13.170	443	7500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 02:52:17 UTC	1046	OUT	GET /favicon.ico HTTP/1.1 Host: cxxziu8prd.moydow.de Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMcNJGSZGkDKfnEnMMt7k7qHQt60y1Tgx3rFkNaT0oxsHX7uwzzXa0mWOi3nn6MWgF0ZnP8NwepxfytbTijysheCr/DhYxXgJevvewAViTS56m5AEibJHNBEpkcypO689njZtk0pEDCNSo8kEojcK70yR7MZXEM9LDKQD22J93PKVoZMLuerENrfsgMTj86n49jiOu4GyD5BwRnPoHfYztT5Cqibv9LrsbAZ333dR0pOUmBf32ABtqHzjMBc2znFknWSW9beCn1qszwWN5h7lyct3lToMyCs0j/samantha.hemingway@evolutionmining.com.au Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 02:52:18 UTC	865	IN	HTTP/1.1 404 Not Found Date: Tue, 25 Mar 2025 02:52:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Last-Modified: Sun, 09 Mar 2025 09:49:27 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 925b1c847a331839-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=96702&min_rtt=96617&rtt_var=20511&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1640&delivery_rate=38452&cwnd=212&unsent_bytes=0&cid=0ecd412ca9c57d57&ts=336&x=0"
2025-03-25 02:52:18 UTC	504	IN	Data Raw: 35 62 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 26 6d 64 61 73 68 3b 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e Data Ascii: 5b9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 — Not Found</title> <meta http-equiv="Con
2025-03-25 02:52:18 UTC	968	IN	Data Raw: 78 3b 20 63 6f 6c 6f 72 3a 23 39 39 41 37 41 46 3b 20 6d 61 72 67 69 6e 3a 20 37 30 70 78 20 30 20 30 20 30 3b 7d 0a 20 20 20 20 20 20 20 20 68 32 20 7b 63 6f 6c 6f 72 3a 20 23 44 45 36 43 35 44 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 31 70 78 3b 20 6d 61 72 67 69 6e 3a 20 2d 33 70 78 20 30 20 33 39 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 70 20 7b 77 69 64 74 68 3a 33 32 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 20 6d 61 72 67 69 6e 2d 74 6f Data Ascii: x; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-to
2025-03-25 02:52:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.24	60847	35.190.80.1	443	7500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 02:52:18 UTC	534	OUT	POST /report/v4?s=qz96Z6tjNcPuyuRVMDhJPUEfwZFDR3PHJvvjxITSKw4F6B%2BH927Zk1M1tKNh6BzTkM6%2FHN9B4YJ%2BUBzvAESwVZWykks7fZNiM8L7RdK6ttMtMMlri3ytM7Vm4SdSjEXLs%2FjPgsw0SQ%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 834 Content-Type: application/reports+json Origin: https://cxxziu8prd.moydow.de User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 02:52:18 UTC	834	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 37 36 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 31 33 2e 31 37 30 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 63 78 78 7a 69 75 38 70 72 64 2e 6d 6f 79 64 Data Ascii: [{"age":12,"body":{"elapsed_time":763,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.13.170","status_code":404,"type":"http.error"},"type":"network-error","url":"https://cxxziu8prd.moyd
2025-03-25 02:52:18 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Tue, 25 Mar 2025 02:52:17 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.24	60859	35.190.80.1	443	7500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 02:53:17 UTC	557	OUT	OPTIONS /report/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://cxxziu8prd.moydow.de Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 02:53:17 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 25 Mar 2025 02:53:17 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.24	60860	35.190.80.1	443	7500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 02:53:18 UTC	532	OUT	POST /report/v4?s=lnBtCsllJCGPsQGkXAdsbop3F6dN%2BdaGtRIiMr9mVJ7vsuZmAEEwV%2BCOZiy1H6tYe8TGk4qa89C3Cgt9PfALcqiTyGU8qe7ADsrzd7gY95HkS6aZZK6KKtlCJUEk1%2BlwU9ppvacLsw%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 877 Content-Type: application/reports+json Origin: https://cxxziu8prd.moydow.de User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 02:53:18 UTC	877	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 39 33 30 36 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 35 33 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 63 78 78 7a 69 75 38 70 72 64 2e 6d 6f 79 64 6f 77 2e 64 65 2f 44 35 71 6d 43 73 59 52 61 34 41 79 4b 71 31 4d 48 41 64 71 43 5a 57 44 43 4b 71 56 47 6f 73 4a 76 6d 74 61 58 4b 30 61 5a 41 75 4e 4a 30 47 53 4f 61 49 57 48 48 6e 74 36 75 53 6f 6c 58 71 52 56 5a 79 69 72 54 66 54 31 70 30 75 6c 4c 42 67 39 69 63 34 57 43 31 6e 48 52 77 66 4b 36 47 4a 57 77 62 56 72 53 6e 50 4d 63 6f 63 5a 37 42 6a 4d 63 Data Ascii: [{"age":59306,"body":{"elapsed_time":533,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://cxxziu8prd.moydow.de/D5qmCsYRa4AyKq1MHAdqCZWDCKqVGosJvmtaXK0aZAuNJ0GSOaIWHHnt6uSolXqRVZyirTfT1p0ulLBg9ic4WC1nHRwfK6GJWwbVrSnPMcocZ7BjMc
2025-03-25 02:53:18 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Tue, 25 Mar 2025 02:53:17 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	22:52:08
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff64ad70000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	22:52:09
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,7674019935859693911,8940468471667833695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2024 /prefetch:11
Imagebase:	0x7ff64ad70000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	22:52:16
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\1513570779.svg"
Imagebase:	0x7ff64ad70000
File size:	3'384'928 bytes
MD5 hash:	DBE43C1D0092437B88CFF7BD9ABC336C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1513570779.svg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7304, Parent PID: 3096

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Windows Analysis Report
1513570779.svg